Cryptographic Vulnerability in MOVEit Automation by Progress
CVE-2024-4563

7.5HIGH

Key Information:

Vendor: Progress
Status: Moveit Automation
Vendor: CVE Published:; 22 May 2024

Summary

The configuration export function in Progress MOVEit Automation, prior to version 2024.0.0, suffers from a vulnerability due to the use of a cryptographic method that has an inadequate bit length. This weakness may lead to potential exposure of sensitive data, emphasizing the need for immediate updates to protect the integrity and confidentiality of information managed within the platform. Users of MOVEit Automation are encouraged to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

https://www.progress.com/moveit

https://community.progress.com/s/article/MOVEit-Automatio...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2024