The Progress company behind the popular MOVEit file transfer product has announced a second vulnerability. As part of the ongoing investigation, cybersecurity company Huntress conducted code reviews of the MOVEit product and uncovered a new vulnerability that could potentially be exploited. This newly discovered vulnerability was stated to be different from the previously reported vulnerability shared on May 31, 2023.
The advisory states that it could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
