Home / Security updates / NetDocuments Not Affected By MOVEit Vulnerability (CVE 2023-34362)
NetDocuments Not Affected By MOVEit Vulnerability (CVE 2023-34362)
Security updates detail rendered from /security-updates/upd_342d75ca132ac377.
Overview
| ID | upd_342d75ca132ac377 |
| Collection | Security Updates |
| Provider | TrustShare (TrustCloud / Kintent) |
| Company | NetDocuments |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_342d75ca132ac377 |
| providerId | trustshare |
| organizationId | org_4a457454e923c339 |
| trustCenterId | tc_8fd59c21a514b60f |
| title | NetDocuments Not Affected By MOVEit Vulnerability (CVE 2023-34362) |
| type | general |
| message | Executive Summary NetDocuments is NOT affected by the MOVEit Vulnerability (CVE-2023-34362) On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data. In all cases the vulnerability was being exploited to upload a web shell onto the MOVEit Transfer server. The web shell allowed threat actors to enumerate files and folders on the MOVEit Transfer server, read configuration information, download files, and create or delete MOVEit server user accounts. (From https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023- 34362/) In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. (From https://nvd.nist.gov/vuln/detail/CVE-2023-34362) NetDocuments does not utilized MOVEit software and has no installations of it in either of its corporate or production networks. Key vendors do not provide services that would involve or utilize this application. NetDocuments is not affected by this vulnerability. History CVE-2023-34362 The CVE was first published on 02 June 2023. As of 08 June 2023, it appears as “Awaiting Analysis” on the associated NIST page. NetDocuments Status: NetDocuments Compliance Trust Services and Cybersecurity Teams began an investigation as to possible exposure to this vulnerability on 05 June 2023. That investigation found no instances of the application in the production or corporate networks. The Cybersecurity Teams concluded that NetDocuments is not affected by this vulnerability. |
| publishedAt | 2025-04-28 |
| gated | no |
| source | {
"field": "trustshare/notifications[]"
} |
| company | {
"id": "org_4a457454e923c339",
"name": "NetDocuments",
"domains": [
"trust.netdocuments.com",
"www.netdocuments.com"
]
} |
| trust_center | {
"id": "tc_8fd59c21a514b60f",
"name": "NetDocuments",
"url": "https://trust.netdocuments.com",
"host": "trust.netdocuments.com"
} |
| provider | {
"id": "trustshare",
"name": "TrustShare (TrustCloud / Kintent)"
} |
| links | {
"self": "/v1/security-updates/upd_342d75ca132ac377",
"company": "/v1/companies/org_4a457454e923c339",
"trust_center": "/v1/trust-centers/tc_8fd59c21a514b60f",
"provider": "/v1/providers/trustshare"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_342d75ca132ac377JSON