MOVEit Product Security Update Advisory (CVE-2024-6576)

Jul 31 2024

Overview

MOVEit has released an update to address a vulnerability in our their product. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-6576

MOVEit Transfer versions: 2023.0.0 (inclusive) ~ 2023.0.12 (inclusive)
MOVEit Transfer versions: 2023.1.0 (inclusive) ~ 2023.1.7 (inclusive)
MOVEit Transfer versions: 2024.0.0 (inclusive) ~ 2024.0.3 (inclusive)

Resolved Vulnerabilities

Improper authentication vulnerability in Progress MOVEit Transfer (SFTP module) that could lead to privilege escalation (CVE-2024-6576)

Vulnerability Patches

Vulnerability Patches were made available in the latest update on 07/29/2024. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

See the Release Notes section of the Referenced Sites [2] to update

Referenced Sites

[1] CVE-2024-6576 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-6576

[2] MOVEit Transfer Product Security Alert Bulletin – July 2024 – (CVE-2024-6576)

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576

MOVEit Product Security Update Advisory (CVE-2024-6576)

Apache Pinot Security Update Advisory (CVE-2024-39676)

Dell Product Security Update Advisory

Tags:

Apache Pinot Security Update Advisory (CVE-2024-39676)

Dell Product Security Update Advisory