Just two days ago, Progress Software Corporation formally disclosed that it had discovered a new MOVEit Transfer authentication bypass vulnerability that could let attackers exploit the flaw to access accounts without knowing credentials. Tracked as CVE-2024-5806, the flaw was given a critical CVSS score of 9.1 by MOVEit provider Progress Software, which said it began distributing a patch on June 11 prior to the June 25 disclosure.
Source: SC Magazine