all InfoSec news
A Vulnerability in MOVEit Transfer that Could Allow for Remote Code Execution
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A Vulnerability has been discovered in Progress Moveit Transfer, which could allow for potential unauthorized access to the environment, escalated privileges, and remote code execution. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users …
access business business partners code code execution customers enterprise environment file files file transfer managed managed file transfer moveit partners privileges progress remote code remote code execution sftp software unauthorized access vulnerability