PT-2023-7247 · Ipswitch · Moveit Transfer

Published: 2023-11-20 · Updated: 2023-12-09 · CVE-2023-6218

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MOVEit Transfer versions prior to 2022.0.9 (14.0.9)
MOVEit Transfer versions prior to 2022.1.10 (14.1.10)
MOVEit Transfer versions prior to 2023.0.7 (15.0.7)

Description

A privilege escalation path associated with group administrators has been identified, allowing a group administrator to elevate a group member's permissions to the role of an organization administrator. The issue is related to insufficient access control in the software.

Recommendations

For versions prior to 2022.0.9 (14.0.9), update to a version newer than 2022.0.9 to resolve the issue.
For versions prior to 2022.1.10 (14.1.10), update to a version newer than 2022.1.10 to resolve the issue.
For versions prior to 2023.0.7 (15.0.7), update to a version newer than 2023.0.7 to resolve the issue.

As a temporary workaround, consider restricting the privileges of group administrators to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2023-08275
CVE-2023-6218

Affected Products

Moveit Transfer