MOVEit Product Security Update Advisory

Overview

A vulnerability exists in MOVEit Gateway (SFTP module) that allows authentication bypass.

A vulnerability exists in MOVEit Transfer (SFTP module) that allows authentication bypass.

Description

A vulnerability exists in Progress MOVEit Gateway (SFTP module) that allows authentication bypass due to improper authentication (CVE-2024-5805).

A vulnerability exists in Progress MOVEit Transfer (SFTP module) that allows authentication bypass due to improper authentication (CVE-2024-5806).

Affected Products

MOVEit Gateway version: 2024.0.0

MOVEit Transfer version: 2023.0.0

MOVEit Transfer version: 2023.1.0

MOVEit Transfer version: 2024.0.0

Patched Versions

MOVEit Gateway version: 2024.0.1

MOVEit Transfer version: 2023.0.11

MOVEit Transfer version: 2023.1.6

MOVEit Transfer version: 2024.0.2

Vulnerability Patches

Patches for these vulnerabilities are available through product updates. Update each affected product to its patched version.

References

[1] CVE-2024-5805 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-5805#VulnChangeHistorySection

[2] New Features and Updates

https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805

[3] CVE-2024-5806 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-5806

[4] New Features and Updates

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806