Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately instructing users to implement the hotfixes before they go public with the information. About the vulnerabilities CVE-2024-5805 is an improper authentication vulnerability in MOVEit Gateway, which serves as a proxy so that MOVEit Transfer – the actual managed file transfer software – … More

The post Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) appeared first on Help Net Security.