
Progress Software Releases November 2023 Service Pack for MOVEit Transfer

Service pack includes security updates for two high severity vulnerabilities




Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Progress (formerly Ipswitch) has released security updates for two vulnerabilities found in the MOVEit Transfer web application, a managed secure file transfer tool.

The first vulnerability, known as CVE-2023-6217, is a reflected cross-site scripting (XSS) vulnerability. An attacker could exploit it by crafting a malicious payload targeting a system that comprises a MOVEit Gateway and MOVEit Transfer deployment. If a user interacts with the crafted payload, the attacker could then execute malicious code.

The second vulnerability, known as CVE-2023-6218, is a privilege escalation vulnerability affecting a path associated with group administrators. An attacker with group administrator privileges could exploit this vulnerability to elevate a group member's permission to the role of an organisation administrator.


Remediation advice

Affected organisations are encouraged to review the Progress Community advisory MOVEit Transfer Service Pack (November 2023) and apply updates as soon as practicable. 



Last edited: 11 December 2023 2:29 pm