- 23/2024
- High
MOVEit Transfer has released a security update to address a vulnerability in multiple versions of Progress MOVEit Transfer.
The addressed vulnerability could allow the remote attacker to perform a denial of service attack on the affected system by sending a specially crafted request via a parameter in HTTPS transactions.
Progress MOVEit Transfer Denial of Service Vulnerability (CVE-2024-0396):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Affected versions:
- MOVEit Transfer 2023.1.2 (15.1.2) and earlier.
- MOVEit Transfer 2023.0.7 (15.0.7) and earlier.
- MOVEit Transfer 2022.1.10 (14.1.10) and earlier.
- MOVEit Transfer 2022.0.9 (14.0.9) and earlier.
- MOVEit Transfer 2021.1.x (13.1.x) and older.
Vulnerabilities
CVE-2024-0396
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.