Protection from CVE-2023-34362 (MOVEit Transfer Critical SQL Injection Vulnerability)
A SQL injection vulnerability has been found in the Progress MOVEit Transfer web application and has been assigned CVE-2023-34362 (also known as MOVEit Transfer Critical SQL Injection Vulnerability). Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:
Log in to the Next-Gen WAF control panel.
From the Sites menu, select a site if you have more than one site.
- From the Rules menu, select Templated Rules.
- In the search bar, enter
CVE-2023-34362and then click View for the CVE-2023-34362 templated rule. - Click Configure.
- Click Add trigger and select the Block requests from an IP immediately if the CVE-2023-34362 signal is observed checkbox.
- Click Update rule.
Prior change: Edge deployment now available for the Premier platform
Following change: Attack signal thresholds are now aggregated
