PT-2023-7248 · Ipswitch · Moveit Gateway, Moveit Transfer

Published: 2023-11-20 · Updated: 2023-12-09 · CVE-2023-6217

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MOVEit Transfer versions prior to 2022.0.9 (14.0.9)
MOVEit Transfer versions prior to 2022.1.10 (14.1.10)
MOVEit Transfer versions prior to 2023.0.7 (15.0.7)

Description

A reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system, which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.

Recommendations

For versions prior to 2022.0.9 (14.0.9), update to a version newer than 2022.0.9.
For versions prior to 2022.1.10 (14.1.10), update to a version newer than 2022.1.10.
For versions prior to 2023.0.7 (15.0.7), update to a version newer than 2023.0.7.
As a temporary workaround, consider restricting access to the MOVEit Gateway and MOVEit Transfer deployment to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-08276
CVE-2023-6217

Affected Products

Moveit Gateway
Moveit Transfer