Release Date: 24 June 2024
Progress Software has disclosed a new significant security vulnerability in its MOVEit Transfer product, identified as CVE-2024-5806. This vulnerability, classified as high-risk with a CVSS score of 7.4, involves improper authentication in the SFTP module of MOVEit Transfer.
The flaw allows attackers to bypass authentication under certain conditions, potentially leading to unauthorized access. It affects multiple versions of MOVEit Transfer, specifically:
Progress Software has released patches and users are strongly advised to upgrade to the latest versions to mitigate the risk. The company has emphasized that upgrading to a patched release using the full installer is the only way to fully remediate the issue.
Organizations using MOVEit Transfer should promptly apply the recommended patches to ensure their systems remain secure.