Thought last year’s MOVEit hellscape was well and truly behind you? Unlucky, buster. We’re back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway.
Progress Software initially contacted users on June 13 about CVE-2024-5805 and CVE-2024-5806, both of which it classifies as authentication bypass-style vulnerabilities, each carrying a critical 9.1 severity score.
The information was under embargo until June 25 to allow adequate time for patching, which was probably a good call given that 2,773 organizations were breached by Cl0p in last year’s MOVEit-related disaster, per Emsisoft’s tracker.