Security advisories

Critical Vulnerability in MOVEit Transfer

June 1, 2023 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

eSentire is aware of reports relating to the active exploitation of a currently unnamed vulnerability impacting Progress Software’s managed file transfer software MOVEit Transfer. Progress disclosed the vulnerability in an advisory on May 31st, 2023. Exploitation of vulnerability allows threat actors to perform privilege escalation and gain unauthorized access to the environment.

Organizations using MOVEit Transfer need to take immediate actions and apply relevant security patches or the alternative mitigations that are outlined by Progress.

What we’re doing about it

What you should do about it

Additional information

Details on real world exploitation of this vulnerability, have not been publicly disclosed at this time. Based on wording from Progress’ advisory, it is highly probably that exploitation has been ongoing for at least the past 30 days.

The MOVEit Transfer platform is meant to enable secure transfer of sensitive files. Exploitation of this vulnerability may enable the theft of sensitive materials that would then be sold or used in extortion type attacks.

Impacted MOVEit Transfer Versions:

Alternative Mitigations [1]:

References:

[1] https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
[2] https://community.progress.com/s/supportlink-landing

View Most Recent Advisories