AOK: Software vulnerability - BSI confirms data leak
The AOK and many of their nationwide offices use the software product MOVEit Transfer. There is now the dangerous vulnerability CVE-2023-34362, which is not yet classified. However, the BSI has given the vulnerability the second-highest internal warning level, Orange, and writes “The BSI is monitoring the active exploitation of the vulnerability with confirmed data leakage.” The manufacturer Progress already published on May 31, 2023 that a critical vulnerability had been found in its software product MOVEit Transfer. Exploitation of the vulnerability allows privilege escalation and unauthorized access to the file system. Progress is already providing…