A few days ago, a new vulnerability was discovered in the file transfer solution MOVEit by IPswitch, Inc. a subsidiary of US-based Progress Software Corporation. If you are a MOVEit Transfer customer, please use the link below to take immediate action. It is important to note that all MOVEit Transfer versions are affected by this vulnerability.
This SQL injection vulnerability allows an unauthenticated attacker to gain elevated access rights to the system exposing all data stored within. Currently, there is no CVE tracking this vulnerability; therefore, it has yet to make it to many intelligence feeds. This bug is capable of mass exploitation, and security monitoring organizations have already seen threat actors scanning for, and exploiting this, in the wild. If you are running MOVEit, steps must be taken to secure the application.
Mitigation measures can be found here: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
If you are a K logix customer and have questions, please reach out to us immediately.
