Privilege Escalation Vulnerability in MOVEit Transfer Versions Prior to 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7)

CVE-2023-6218 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

Learn more about our Web Application Penetration Testing UK.