0333 123 1240 info@pro2colgroup.com

MOVEit Security Bulletin – March 2017

Affects:

All MOVEit® Transfer (DMZ) versions

Impact:

An attacker could bypass protection mechanisms in order to read or modify confidential data.

Issue:

A pre-authentication blind SQL injection vulnerability was discovered in the MOVEit® Transfer (DMZ) software. Ipswitch has determined the vulnerability can be exploited and customers should upgrade at their earliest convenience. Ipswitch does not intend to provide vulnerability details that could facilitate an exploit.

Resolution:

To address this problem, Ipswitch strongly recommends performing an upgrade to a fixed version in the list below.

You can find an upgrade guide here.

MOVEit Transfer 2017 (9.0)    —>   MOVEit Transfer 2017 (9.0.0.201)

MOVEit DMZ 8.3   —>   MOVEit DMZ 8.3.0.30

MOVEit DMZ 8.2   —>   MOVEit DMZ 8.2.0.20 

MOVEit DMZ 8.1   —>   MOVEit DMZ 8.1.6.23

All customers on a current maintenance agreement can access the upgrade by logging into the Ipswitch Community – https://community.ipswitch.com.

If you are running an earlier version than MOVEit DMZ 8.1 or if you are not currently covered by an existing support agreement:

Get in contact immediately on support@pro2colgroup.com.

Complete the form below to request a call back from a MOVEit certified engineer: