Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in MOVEit Transfer
Alerts

Active Exploitation of Critical Vulnerability in MOVEit Transfer

29 June 2024

Progress Software has released security updates to address a critical vulnerability (CVE-2024-5806) in MOVEit Transfer. The vulnerability has a CVSSv3.1 score of 9.1 out of 10 and is reportedly being actively exploited.

Successful exploitation of the improper authentication vulnerability in the MOVEit Transfer's SSH File Transfer Protocol (SFTP) module could allow an attacker to bypass authentication and gain unauthorised access to an affected system.

This vulnerability affects MOVEit Transfer versions from 2023.0.0 to before 2023.0.11, from 2023.1.0 to before 2023.1.6, and from 2024.0.0 to before 2024.0.2.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:    

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806

https://www.darkreading.com/remote-workforce/fresh-moveit-bug-under-attack-disclosure

Back to top