vulnerability

Progress MOVEit Transfer: CVE-2023-6218: Improper Privilege Management

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Nov 29, 2023	Dec 13, 2024	Feb 11, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Nov 29, 2023

Added

Dec 13, 2024

Modified

Feb 11, 2026

Description

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

Solution

progress-moveit-transfer-upgrade-latest

References

CVE-2023-6218
https://attackerkb.com/topics/CVE-2023-6218
URL-https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023
URL-https://www.progress.com/moveit
CWE-269

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today