MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High).
Progress-owned MOVEit transfer was popularly exploited by threat actors who attacked several organizations as part of a ransomware campaign. The organizations previously reported to be affected by MOVEit vulnerability include Shell, BBC, British Airways, CalPERS, Honeywell, and US government agencies.
This SQL injection vulnerability was discovered on the MOVEit Transfer machine interface, which could lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer machine interface.
Successful exploitation could result in the modification and disclosure of MOVEit database content. However, a threat actor must be authenticated to exploit this vulnerability. Progress has given the severity of this vulnerability as 8.8 (High).
Products affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. Users are recommended to upgrade to the September Service Pack to fix this vulnerability.
This other SQL injection vulnerability exists in the MOVEit Transfer web interface, which could possibly lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer web interface.
Successful exploitation could result in the modification and disclosure of MOVEit database content. The prerequisite for a threat actor to exploit this vulnerability includes access to a MOVEit system administrator account. Progress has given the severity of this vulnerability as 7.2 (High).
Products that are affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to the September Service Pack and limit sysadmin account access.
This Reflected XSS vulnerability was found in the MOVEit Transfer’s web interface, which a malicious payload can exploit during the package composition procedure. A threat could craft a malicious payload and target MOVEit Transfer users. When interacting with the payload, the threat actor can execute malicious JavaScript on the victim’s browser.
Progress has given the severity of this vulnerability as 6.1 (Medium). Products affected due to this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to September Service Pack and limit sysadmin account access.
A comprehensive list of vulnerable product versions, documentation, release notes, and fixed versions has been given below.
| Affected Version | Fixed Version (Full Installer) | Documentation | Release Notes |
| MOVEit Transfer 2023.0.x (15.0.x) | MOVEit Transfer 2023.0.6 (15.0.6) | MOVEit 2023 Upgrade Documentation | MOVEit Transfer 2023.0.6 Release Notes |
| MOVEit Transfer 2022.1.x (14.1.x) | MOVEit Transfer 2022.1.9 (14.1.9) | MOVEit 2022 Upgrade Documentation | MOVEit Transfer 2022.1.9 Release Notes |
| MOVEit Transfer 2022.0.x (14.0.x) | MOVEit Transfer 2022.0.8 (14.0.8) | MOVEit 2022 Upgrade Documentation | MOVEit Transfer 2022.0.8 Release Notes |
| MOVEit Transfer 2021.1.x (13.1.x) | MOVEit Transfer 2021.1.8 (13.1.8) | MOVEit 2021 Upgrade Documentation | MOVEit Transfer 2021.1.8 Release Notes |
| MOVEit Transfer 2021.0.x (13.0.x) or older | Must Upgrade to a Supported Version | See MOVEit Transfer Upgrade and | N/A |
| Migration Guide |
A security advisory has been released by Progress which includes a comprehensive list of the affected products and the vulnerabilities that have been identified.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…
A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…
A surge in phishing text messages claiming unpaid tolls has been linked to a massive…
The State Bar of Texas has confirmed a data breach following the detection of unauthorized…