---
title: >-
  Protection from CVE-2023-34362 (MOVEit Transfer Critical SQL Injection
  Vulnerability)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2023/08/protection-from-cve-2023-34362-moveit-transfer-critical-sql-injection-vulnerability
---

A SQL injection vulnerability has been found in the Progress MOVEit Transfer web application and has been assigned CVE-2023-34362 (also known as MOVEit Transfer Critical SQL Injection Vulnerability). Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2023-34362` and then click **View** for the CVE-2023-34362 templated rule.
5. Click **Configure**.
6. Click **Add trigger** and select the **Block requests from an IP immediately if the CVE-2023-34362 signal is observed** checkbox.
7. Click **Update rule**.