PT-2024-1119 · Ipswitch · Moveit Transfer

Hackerone: P-V-P
Published: 2024-01-17
Updated: 2024-01-30
CVE-2024-0396

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions

MOVEit Transfer versions prior to 2022.0.10 (14.0.10)
MOVEit Transfer versions prior to 2022.1.11 (14.1.11)
MOVEit Transfer versions prior to 2023.0.8 (15.0.8)
MOVEit Transfer versions prior to 2023.1.3 (15.1.3)

Description

An input validation issue was discovered in MOVEit Transfer, allowing an authenticated user to manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service. The issue is related to incorrect clearance or release of resources in the HTTPS Transaction Handler component.

Recommendations

For versions prior to 2022.0.10 (14.0.10), update to a version that includes the fix for this issue.
For versions prior to 2022.1.11 (14.1.11), update to a version that includes the fix for this issue.
For versions prior to 2023.0.8 (15.0.8), update to a version that includes the fix for this issue.
For versions prior to 2023.1.3 (15.1.3), update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the HTTPS transaction handler to minimize the risk of exploitation.

Fix

Improper Resource Release

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-00403
CVE-2024-0396

Affected Products

Moveit Transfer