Resources Security Bulletin Sedara Security Bulletin: MOVEit Transfer

Sedara Security Bulletin: MOVEit Transfer

Security Bulletin


On May 31 2023, the vendor Progress Software released a security advisory about its product, MOVEit Transfer managed file transfer (MFT) software. MOVEit has been used by thousands of organizations in the transfer of sensitive data.

This vulnerability affects all versions of MOVEit Transfer software. The vulnerability also impacts customers who rely on the MOVEit Transfer cloud platform.

The vulnerability is a SQL injection vulnerability that could allow an un-authenticated attacker to gain access to MOVEit Transfer’s database. An attacker may be able to infer information about the structure and contents of the database, in addition to running SQL statements that change or delete database elements.

Threat intelligence organizations have observed scanning activity as early as March 3, and customers using MOVEit are urged to review systems for any indicators of unauthorized access that may have occurred within the last 90 days.

Information about this vulnerability is still new, and we expect more published information over the next few days as this threat is analyzed. It is tracked as CVE-2023-34362. Though it does not have a severity score as of the writing of this bulletin, we consider this to be a critical vulnerability due to possible attacks from unauthenticated Internet-based attackers, the widespread use of this tool, and the sensitivity of the data stored in MOVEit databases.


Patches are available now for all versions of MOVEit software. The vendor urges customers to apply the patches as soon as possible. Until those patches are applied, there are ways to mitigate the risk of an attack:

  1. Modify firewall rules to deny HTTP (port 80) and HTTPS (port 443) traffic to MOVEit Transfer servers. It is important to note that, until HTTP and HTTPS traffic is enabled again, users will not be able to log on to the MOVEit Transfer web interface; MOVEit Automation tasks that use the native MOVEit Transfer host will not work; REST, Java, and .NET APIs will not work; and the MOVEit Transfer add-in for Outlook will not work. However, the SFTP and FTP protocols will continue to work as normal.
  2. If it is not possible to deny access for all HTTP/HTTPS traffic, update network firewall rules to allow connections from pre-screened, permitted IP addresses only.
  3. Reset service account credentials for affected systems, and the MOVEit Service Account.

Check for Indicators of Compromise:

The product vendor recommends a review of access over the last 90 days to confirm the software has not been compromised. To complete the review:

A full list of indicators of compromise, including IP addresses and SHA256 hashes for malicious scripts, are listed at .


How can Sedara Help?

Sedara’s vCISOs can provide you ongoing supervision and support to stay updated on the latest security incidents. Our vCISOs are your “cybersecurity sidekick,” helping you improve your overall cybersecurity posture by adopting new security controls and mitigating risk.

Gain visibility across your entire network for real-time analysis and alerting of security events. Sedara’s 24x7x365 SOC can deploy and monitor a Security Information Event Management (SIEM)  so that you can ignore the noise and take immediate action on security incidents.

More reading on this threat:

Want Help With a Security Incident?

Sedara can help your organization assess and address vulnerabilities and provide insight that prevents future incidents.

Get Future Compromise Alerts – Join Sedara Declassified

Subscribe to Sedara Declassified to get timely updates on new and evolving threats – and what to do about them – just like our clients do. And of course, if we can help you with anything directly, feel free to reach out.

Accomplish your security & compliance goals.

Get a Demo