Pharos Response to MOVEit Vulnerability
  • 05 Apr 2024


Background

Recently, a security vulnerability was discovered inside the Progress file sharing tool MOVEit (CVE-2023-34362).

The vulnerability is rated “Critical” because it allows access to the MOVEit Transfer database, where bad actors can potentially execute SQL statements remotely. The NVD has rated it 9.8 out of a possible 10. The vulnerability is being actively exploited and has been responsible for damage at a number of banks and government departments.

The vulnerability exists within MOVEit versions prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). Progress has established a web page dedicated to advice and remediation instructions on its community site: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.

Pharos Software and MOVEit

Pharos has reviewed all of our software, third-party tools and libraries, internal infrastructure, and cloud infrastructure, and can confirm that we do not use the MOVEit tool anywhere.

