Improper Authentication Vulnerability Affects Progress MOVEit Gateway
CVE-2024-5805
Summary
An improper authentication vulnerability exists in Progress MOVEit Gateway's SFTP modules, allowing unauthorized users to bypass authentication mechanisms. This flaw poses significant risks as it could enable attackers to gain unauthorized access to sensitive data and systems. The vulnerability specifically impacts the MOVEit Gateway version 2024.0.0, necessitating urgent action from organizations utilizing this software to ensure their environments remain secure. Organizations are advised to review and apply the necessary patches as outlined in Progress's security advisory.
Affected Version(s)
MOVEit Gateway 2024.0.0 < 2024.0.1
News Articles
Help Net SecurityWeek in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Progress quietly fixes MOVEit auth bypass flaws
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) - Help Net Security
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit MFT.
References
CVSS V3.1
Timeline
- đź“°
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved