New MOVEit Transfer critical flaws found after security audit, patch now
09-Jun-23
Customers of Progress Software’s MOVEit Transfer managed file transfer (MFT) product have been alerted about recently discovered serious SQL injection vulnerabilities that could allow hackers to access their databases.
Following thorough code evaluations started by Progress on May 31, when it patched a hole used as a zero-day by the Clop ransomware gang in data theft attacks, these security flaws were found with the assistance of cybersecurity firm Huntress. They have an impact on all versions of MOVEit Transfer and give unauthenticated attackers the ability to break into servers that are exposed to the Internet and change or steal user data.
