# Vulnerabilities - 2023

Mass exploitation of file transfer platforms: [[campaigns/moveit-transfer-campaign|MOVEit]] by Cl0p and [[campaigns/lockbit-citrix-bleed-2023|Citrix Bleed]] by LockBit defined the year.

> [!danger] File Transfer Attacks
> The year's standout, with the greatest operational impact on Brazilian and global organizations.

---

## Documented CVEs

%%
```dataview
TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto"
FROM "vulnerabilities/2023"
SORT cvss-score DESC
```
%%

<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2023" SORT cvss-score DESC -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2023" SORT cvss-score DESC -->

| CVE | CVSS | Vendor | Product |
| --- | ---- | ------ | ------- |
| [[cve-2023-22527\|CVE-2023-22527]] | 10 | Atlassian | Confluence Data Center / Server |
| [[cve-2023-35078\|CVE-2023-35078]] | 10 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core |
| [[cve-2023-41892\|CVE-2023-41892]] | 10 | Craft CMS | Craft CMS |
| [[cve-2023-46604\|CVE-2023-46604]] | 10 | Apache | Apache ActiveMQ |
| [[cve-2023-23397\|CVE-2023-23397]] | 9.8 | Microsoft | Microsoft Outlook |
| [[cve-2023-27350\|CVE-2023-27350]] | 9.8 | PaperCut Software | PaperCut MF / NG |
| [[cve-2023-27997\|CVE-2023-27997]] | 9.8 | Fortinet | FortiOS / FortiProxy SSL-VPN |
| [[cve-2023-29059\|CVE-2023-29059]] | 9.8 | 3CX | 3CX Desktop App (Windows and macOS) |
| [[cve-2023-32315\|CVE-2023-32315]] | 9.8 | Ignite Realtime | Openfire |
| [[cve-2023-34048\|CVE-2023-34048]] | 9.8 | VMware | VMware vCenter Server |
| [[cve-2023-34362\|CVE-2023-34362]] | 9.8 | Progress Software | MOVEit Transfer |
| [[cve-2023-35036\|CVE-2023-35036]] | 9.8 | Progress Software | MOVEit Transfer |
| [[cve-2023-3519\|CVE-2023-3519]] | 9.8 | Citrix | NetScaler ADC / NetScaler Gateway |
| [[cve-2023-35708\|CVE-2023-35708]] | 9.8 | Progress Software | MOVEit Transfer |
| [[cve-2023-42793\|CVE-2023-42793]] | 9.8 | JetBrains | TeamCity |
| [[cve-2023-48022\|CVE-2023-48022]] | 9.8 | Anyscale | Ray (distributed AI framework) |
| [[cve-2023-4966\|CVE-2023-4966]] | 9.4 | Citrix | NetScaler ADC / NetScaler Gateway |
| [[cve-2023-48788\|CVE-2023-48788]] | 9.3 | Fortinet | FortiClientEMS |
| [[cve-2023-20269\|CVE-2023-20269]] | 9.1 | Cisco | Cisco ASA / FTD |
| [[cve-2023-1389\|CVE-2023-1389]] | 8.8 | TP-Link | TP-Link Archer AX21 (Wi-Fi Router) |
| [[cve-2023-32435\|CVE-2023-32435]] | 8.8 | Apple | iOS / iPadOS |
| [[cve-2023-37450\|CVE-2023-37450]] | 8.8 | Apple | WebKit (Safari, iOS, iPadOS, macOS) |
| [[cve-2023-41974\|CVE-2023-41974]] | 8.8 | Apple | WebKit (Safari, macOS, iOS, iPadOS) |
| [[cve-2023-41993\|CVE-2023-41993]] | 8.8 | Apple | WebKit / Safari / iOS |
| [[cve-2023-43000\|CVE-2023-43000]] | 8.8 | Apple | WebKit (Safari/macOS/iOS/iPadOS) |
| [[cve-2023-4762\|CVE-2023-4762]] | 8.8 | Google | Google Chrome |
| [[cve-2023-52163\|CVE-2023-52163]] | 8.8 | DigiEver | DS-2105 Pro NVR |
| [[cve-2023-46805\|CVE-2023-46805]] | 8.2 | Ivanti | Connect Secure (ICS) / Policy Secure |
| [[cve-2023-3467\|CVE-2023-3467]] | 8 | Citrix | NetScaler ADC / NetScaler Gateway |
| [[cve-2023-23376\|CVE-2023-23376]] | 7.8 | Microsoft | Windows Common Log File System Driver (CLFS) |
| [[cve-2023-28252\|CVE-2023-28252]] | 7.8 | Microsoft | Windows Common Log File System Driver (CLFS) |
| [[cve-2023-32434\|CVE-2023-32434]] | 7.8 | Apple | iOS / iPadOS / macOS |
| [[cve-2023-32629\|CVE-2023-32629]] | 7.8 | Canonical | Ubuntu Linux (Kernel) |
| [[cve-2023-38831\|CVE-2023-38831]] | 7.8 | RARLAB | WinRAR |
| [[cve-2023-41061\|CVE-2023-41061]] | 7.8 | Apple | iOS, iPadOS, watchOS, macOS |
| [[cve-2023-41064\|CVE-2023-41064]] | 7.8 | Apple | iOS, iPadOS, macOS, watchOS |
| [[cve-2023-41990\|CVE-2023-41990]] | 7.8 | Apple | iOS / iPadOS |
| [[cve-2023-41992\|CVE-2023-41992]] | 7.8 | Apple | iOS / iPadOS / macOS |
| [[cve-2023-42824\|CVE-2023-42824]] | 7.8 | Apple | iOS / iPadOS |
| [[cve-2023-21839\|CVE-2023-21839]] | 7.5 | Oracle | Oracle WebLogic Server |
| [[cve-2023-27532\|CVE-2023-27532]] | 7.5 | Veeam | Veeam Backup & Replication |
| [[cve-2023-0669\|CVE-2023-0669]] | 7.2 | Fortra | GoAnywhere MFT |
| [[cve-2023-37580\|CVE-2023-37580]] | 6.1 | Zimbra | Zimbra Collaboration Suite |
| [[cve-2023-43770\|CVE-2023-43770]] | 6.1 | Roundcube | Roundcube Webmail |
| [[cve-2023-38606\|CVE-2023-38606]] | 5.5 | Apple | iOS / iPadOS / macOS |
| [[cve-2023-41991\|CVE-2023-41991]] | 5.5 | Apple | iOS / iPadOS / macOS / watchOS |
| [[cve-2023-20867\|CVE-2023-20867]] | 3.9 | VMware | VMware Tools |
| [[vulnerabilities/2023/_2023.md\|_2023]] | \- | \- | \- |
| [[cve-2023-36025]] | \- | \- | \- |

<!-- SerializedQuery END -->