Pharos Response to MOVEit Vulnerability - June 2023
  • 05 Apr 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

Pharos Response to MOVEit Vulnerability - June 2023

  • Dark
    Light
  • PDF

Article summary

Background

Recently, a security vulnerability was discovered inside the Progress file sharing tool MOVEit ( CVE-2023-34362 ).

The vulnerability is rated as “Critical” because it allows access to the MOVEit transfer’s database where bad actors can potentially execute SQL statements remotely. The NVD has rated this as 9.8 out of a possible 10. The vulnerability is under active exploit and has been responsible for damage at a number of banks and government departments.

The vulnerability exists within MOVEit versions prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). A web page dedicated to advice and remediation instructions has been established on the progress community page here: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.

Pharos Software and MOVEit

Pharos has reviewed all our software, 3rd party tools/libraries, internal infrastructure and cloud infrastructure and can confirm that we do not use the MOVEit tool anywhere.


Was this article helpful?


Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.