CVE-2023-34363

ENISA EUVD: EUVD-2023-38443 ↗
✓ Confirmed 0-Day
Triaged: March 20, 2026 1 article Published: 2023-06-09
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.29%
probability
This CVE has a 0.29% probability of being exploited in the next 30 days.
0% Top 51.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
5.9
MEDIUM
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

VulnerabilityLookup (CNA)
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used.

Affected Products

n/a
n/a

Attack Intelligence

Signal Intelligence

Confidence
85%
EPSS 0.29%
CVSS v3.1 5.9
Mentions 1
Last Seen Jun 07, 2023

CNA Information

CNA Assigner
mitre

Analyst Note

CVE-2023-34363 is the Progress MOVEit Transfer vulnerability explicitly documented as 'actively exploited' in the wild. The 2023 CVE year combined with active exploitation reporting and absence from Google Project Zero/CISA KEV (suggesting early disclosure) supports zero-day classification, though patch timing details are unavailable.

Triage Info

Decided atMar 20, 2026
Published DateJun 09, 2023