News item |: 16.6.2023 |: 4:47 p.m
In a short period of time, many vulnerabilities were discovered in MOVEit Transfer, a file sharing application. The potential for exploiting the found vulnerability and its potential impact is assessed as high. NCSC recommends that organizations using MOVEit Transfer go through the step-by-step plan developed by Progress and install any security updates that are available as soon as possible.
New vulnerability
On June 15, software developer Progress published a security advisory about a new vulnerability in MOVEit. As with previously discovered vulnerabilities, NCSC rates this vulnerability highly.
On June 16, the vulnerability was assigned the CVE attribute CVE-2023-35708. Progress has released updates to fix new and previously discovered vulnerabilities. NCSC has issued security advisories NCSC-2023-0299 and NCSC-2023-0268 for this vulnerability and recommends that users install the released updates as soon as possible.
The fact that a number of vulnerabilities have been discovered in this product in a short period of time may be due to the fact that the product is currently receiving a lot of attention after the first vulnerability was discovered.
At this time, NSC has not yet detected any abuse of the newly discovered vulnerability. NCSC is closely monitoring the MOVEit Transfer vulnerability situation. As new information becomes available, NCSC will post it on the website.