Progress, the company behind MOVEit Transfer, has issued a critical security alert for a newly discovered vulnerability in its product. The flaw, CVE-2024-6576, is classified as high-severity with a CVSS score of 7.3, indicating significant risk to users.
CVE-2024-6576: Privilege Escalation Flaw in MOVEit File Transfer
The vulnerability is in MOVEit Transfer’s SFTP module and arises from improper authentication, potentially allowing attackers to escalate privileges. It affects the following versions:
- 2023.0.0 before 2023.0.12
- 2023.1.0 before 2023.1.7
- 2024.0.0 before 2024.0.3
Progress strongly advises all affected customers to upgrade to the latest patched versions to mitigate this security risk.
The table below provides the fixed versions available for download:
| Fixed Version | Documentation | Release Notes |
| --- | --- | --- |
| MOVEit Transfer 2024.0.3 (16.0.3) | Install and upgrade guide | Release Notes 2024.0 |
| MOVEit Transfer 2023.1.7 (15.1.7) | Install and upgrade guide | Release Notes 2023.1 |
| MOVEit Transfer 2023.0.12 (15.0.12) | Install and upgrade guide | Release Notes 2023.0 |
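To triage an asset inventory against the affected ranges and the fixed-version table above, the following added example (not code from Progress or from the original article) classifies a MOVEit Transfer version string in either numbering scheme. It assumes the patch component is the same in the year-style and internal (15.x/16.x) schemes, as it is in the table; the hostnames and sample versions are constructed.

```python
import re
from typing import Optional, Tuple

# Affected release trains from the advisory: train -> first fixed patch level.
FIXED_PATCH = {(2023, 0): 12, (2023, 1): 7, (2024, 0): 3}

# Internal numbering as printed in the fixed-version table, e.g. "2024.0.3 (16.0.3)".
# Assumption: the patch component is identical in both schemes, as in that table.
INTERNAL_TO_TRAIN = {(16, 0): (2024, 0), (15, 1): (2023, 1), (15, 0): (2023, 0)}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def triage(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version) for one MOVEit Transfer version string.

    status is "vulnerable", "patched", "not-listed" (train not named in the
    advisory, so no conclusion is drawn) or "unparseable".
    """
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable", None
    major, minor, patch = (int(g) for g in m.groups())
    train = INTERNAL_TO_TRAIN.get((major, minor), (major, minor))
    if train not in FIXED_PATCH:
        return "not-listed", None
    fixed = f"{train[0]}.{train[1]}.{FIXED_PATCH[train]}"
    # Compare integers, not strings: patch 9 is older than patch 12.
    return ("vulnerable" if patch < FIXED_PATCH[train] else "patched"), fixed


def triage_inventory(rows):
    """rows: iterable of (hostname, version). Returns the hosts needing the upgrade."""
    results = ((host, ver, triage(ver)) for host, ver in rows)
    return [(h, v, t[1]) for h, v, t in results if t[0] == "vulnerable"]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [("mft-01", "2023.0.9"), ("mft-02", "15.1.7"), ("mft-03", "16.0.2.41"),
          ("mft-04", "2022.1.5"), ("mft-05", "2024.0.3")]

if __name__ == "__main__":
    for host, ver, fixed in triage_inventory(SAMPLE):
        print(f"{host}: {ver} is affected by CVE-2024-6576, upgrade to {fixed}")
```

Hosts reported as "not-listed" run a release train the advisory does not name, so they need a separate check against the vendor's support information rather than being treated as safe.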
Steps to Upgrade
To upgrade:
- Log in to the Progress Community Download Center using your Progress ID.
- Select the appropriate asset from the “My Active” tab.
- Click the download link in the “Related Products & Downloads” section.
- Download the fixed version listed above.
For questions or concerns, open a new Technical Support case via the Progress Community. Customers without a current maintenance agreement should contact the Progress Renewals team or their Progress partner account representative.