X
X

Find Your Specialist

X

Contact Us

    Go Back

    Zero Day Exploit in MOVEit Transfer

    A critical security vulnerability has recently come to light and poses a significant risk to organizations using MOVEit Transfer, the managed file transfer software developed by Ipswitch.

    A zero day exploit, CVE-2023-34362, is actively being exploited by malicious hackers to steal sensitive data from targeted organizations. Breaches are already being reported world-wide, and it is essential to take immediate action to protect your data if this CVE is present in your environment.

    The vulnerability allows for escalated privileges and potential unauthorized access to MOVEit Transfer. While specific details have not been publicly disclosed, it is believed to be a web-facing vulnerability, possibly a SQL injection vulnerability leading to remote code execution.

    Patches are still being developed for some versions of MOVEit, but some patches are available today. At a minimum, we recommend doing your own research and reviewing your logging and security alerting systems immediately to ensure everything is working properly to protect your assets.

    Below is the current list of MOVEit Transfer versions that have a patch available:

    Affected Version Fixed Version Documentation
    MOVEit Transfer 2023.0.0 MOVEit Transfer 2023.0.1 MOVEit 2023 Upgrade Documentation
    MOVEit Transfer 2022.1.x MOVEit Transfer 2022.1.5 MOVEit 2022 Upgrade Documentation
    MOVEit Transfer 2022.0.x MOVEit Transfer 2022.0.4
    MOVEit Transfer 2021.1.x MOVEit Transfer 2021.1.4 MOVEit 2021 Upgrade Documentation
    MOVEit Transfer 2021.0.x MOVEit Transfer 2021.0.6

    For questions or more information, please reach out to your FD advisor.

    Related Articles

    Privacy Overview

    When you use or access the Site, we use cookies, device identifiers, and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site. We process the information collected through such technologies, which may include Personal Information, to help operate certain features of the Site (e.g., to prevent online poll participants from voting more than once), to enhance your experience through personalization, and to help us better understand the features of the Site that you and other users are most interested in.

    You can enable or disable our use of cookies per category.
    Always Enabled
    Essential cookies enable you to navigate our Site and use certain features, such as accessing secure areas of our Site and using other features of our service that require us to keep track of certain information as you navigate from page to page. Although some of these cookies are “required” to enable certain functionality, you can disable them in the browser, but doing so will limit your ability to use the features supported by such cookies.
    Functionality cookies are cookies that support features of the Site, such as remembering your preferences.
    These cookies collect information about how you use our Site, including which pages you go to most often and if they receive error messages from certain pages. These cookies are only used to improve how our Site functions and performs.
    From time-to-time, we may engage third parties that track individuals who visit our Site. These third parties may track your use of the Site for purposes of providing us with certain marketing automation features (to help us improve our outreach to current and prospective clients) and providing you with targeted advertisements.