As BSI now experiences, a vulnerability in Progress Software MOVEit Automation has been recognized. You can learn the outline of the safety vulnerability and the listing of affected working methods and merchandise right here.
Federal workplace for Security in Information Technology (BSI) reported a safety advisory for Progress Software MOVEit Automation on May 22, 2024. The safety vulnerability impacts the Windows working system and the Progress Software MOVEit product.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Progress MOVEit Security Advisory (Stop: 22.05.2024).
Security discover for Progress Software MOVEit Automation – Risk: average
Risk degree: 2 (average)
CVSS Base Score: 6.1
CVSS provisional rating: 5,3
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc methods. The CVSS normal makes it potential to check potential or precise safety dangers based mostly on numerous metrics in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For momentary impact, body circumstances that will change over time are thought of within the check. According to the CVSS, the chance of the present vulnerability is assessed as “average” with a base rating of 6.1.
Progress Software MOVEit Automation Bug: Vulnerability permits data disclosure
Progress MOVEit is a safe managed file switch (MFT) software program that gives visibility and management of file switch operations.
A distant, unknown attacker might exploit a vulnerability in Progress Software MOVEit Automation to show data.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-4563 on the market.
Systems affected by the safety hole at a look
working system
Windows
Products
Progress Software MOVEit Automation
General suggestions for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to commonly verify the required sources to see if a brand new safety replace is obtainable.
Manufacturer details about updates, patches and workarounds
Here one can find some hyperlinks with details about bug experiences, safety fixes and workarounds.
Progress MOVEit Security Advisory vom 2024-05-22 (22.05.2024)
For extra data, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for Progress Software MOVEit Automation. This doc will likely be up to date as updates are introduced. You can see the adjustments made utilizing the model historical past beneath.
May 22, 2024 – First model
+++ Editorial word: This doc is predicated on present BSI knowledge and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here one can find sizzling information, present movies and a direct line to the editorial workforce.
kns/roj/information.de