
Irish Information Security Forum

New vulnerabilities in MOVEit Transfer and MOVEit Gateway

Release Date: 24 June 2024

 

 

Progress Software has disclosed a significant new security vulnerability in its MOVEit Transfer product, identified as CVE-2024-5806. The vulnerability, classified as high-risk with a CVSS score of 7.4, involves improper authentication in the SFTP module of MOVEit Transfer.

 

The flaw allows attackers to bypass authentication under certain conditions, potentially leading to unauthorized access. It affects multiple versions of MOVEit Transfer, specifically:

  • Versions from 2023.0.0 before 2023.0.11
  • Versions from 2023.1.0 before 2023.1.6
  • Versions from 2024.0.0 before 2024.0.2

 

Progress Software has released patches, and users are strongly advised to upgrade to the latest versions to mitigate the risk. The company has emphasized that upgrading to a patched release using the full installer is the only way to fully remediate the issue.

 

Organizations using MOVEit Transfer should promptly apply the recommended patches to ensure their systems remain secure.
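
To support that patching work, the following added example (not part of the original advisory and not Progress Software tooling) triages an inventory of MOVEit Transfer installs against the three affected ranges listed above. The hostnames and installed versions are constructed sample data, the status labels are hypothetical, and "patched" only means the version number is at or above the first fixed release for CVE-2024-5806 in that release train.

```python
import re

# Affected ranges exactly as listed in this advisory: (first affected, first fixed).
AFFECTED_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]

# Assumption: versions are dotted numbers; any fourth (build) component is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*$")


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a dotted version."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one installed version against the advisory's ranges."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    for first_affected, first_fixed in AFFECTED_RANGES:
        if version[:2] == first_affected[:2]:  # same release train
            return "affected" if first_affected <= version < first_fixed else "patched"
    # The advisory lists no range for other release trains, so make no claim.
    return "not-listed"


def triage(inventory):
    """Return (host, version, status) rows, hosts needing action first."""
    order = {"affected": 0, "unparseable": 1, "not-listed": 2, "patched": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "sftp-edge-01": "2023.0.10",
    "sftp-edge-02": "2023.0.11",
    "xfer-dmz-01": "2024.0.1",
    "xfer-dmz-02": "2023.1.6",
    "legacy-xfer": "2022.1.4",
    "lab-xfer": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {ver:10} {status}")
```

Hosts reported as "unparseable" or "not-listed" still need a manual check against the vendor bulletin, since this advisory gives no status for them.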


 

 


