Compliance Solutions is aware of recent vulnerabilities with MOVEit. MOVEit’s parent company, Progress, released a security advisory stating that they had discovered a SQL injection vulnerability in the MOVEit platform that could lead to escalated privileges and potential unauthorized access to MOVEit customers’ environments.
Compliance Solutions does not use MOVEit as part of our solution offering. However, it is used by other areas of TruStage.
TruStage Information Security and Information Technology teams rapidly deployed a response team to investigate this issue and identify and implement potential risk mitigation steps including applying the patches provided by Progress Software. They have not found any evidence of exploitation of this vulnerability in our environment to date and continue to monitor the threat closely. Further guidance will be provided as it becomes available.