NVD disclosure day

Published threat advisories for June 2, 2023

CVE advisoryKnown Exploit

CVE-2023-34362

MOVEit Transfer SQL Injection Vulnerability Advisory

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A SQL injection vulnerability affects the MOVEit Transfer web application, allowing unauthenticated attackers to access, alter, or delete database content. This presents a significant business risk due to potential data compromise. Exploitation has been observed in the wild.

NVD published: • CISA KEV
CVE advisoryCRITICAL

CVE-2023-3000

ErMon lets attackers take control of systems or steal data through its web interface.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker can bypass login screens in ErMon to gain administrative control over the server. This allows unauthorized access to or manipulation of sensitive industrial monitoring data, potentially leading to full system compromise.

NVD published: