Skip to main content

MOVEit Products Security Restriction Bypass Vulnerabilities

Release Date: 27 Jun 2024 3824 Views

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Multiple vulnerabilities were identified in MOVEit Products. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass on the targeted system.

 

Note:

Proof of concept exploit for CVE-2024-5806 exists on the internet.

To exploit the vulnerability, attackers must have knowledge of a valid users on the vulnerable system. Hence, the risk level is rated to Medium Risk.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • MOVEit Gateway 2024.0.0
  • MOVEit Transfer from 2023.0.0 before 2023.0.11
  • MOVEit Transfer from 2023.1.0 before 2023.1.6
  • MOVEit Transfer from 2024.0.0 before 2024.0.2

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version MOVEit Gateway 2024.0.1
  • Update to version MOVEit Transfer 2023.0.11
  • Update to version MOVEit Transfer 2023.1.6
  • Update to version MOVEit Transfer 2024.0.2
 

Vulnerability Identifier


Source


Related Link