Fixed Issues in 2024
- Last Updated: June 1, 2024
- 1 minute read
- MOVEit Transfer
- Version 2024
- Documentation
This section outlines issues tracked and fixed by the MOVEit product team
for the 2024 release.
Note: See the What's New section for a broader summary of
features and improvements.
|
ID |
Category |
Fixed Issue |
|---|---|---|
| 5719 | Security/REST | Swagger HTML Injection. |
| 55178 | AV/DLP | McAfee VirusScan cannot scan uploaded files with specific characters in the name. |
| 68124 | Security/REST | Missing Secure Cookie Attribute. |
| 70866 | Server/Auditlog | No exception thrown after audit log write failure. |
| 71212 | Outlook Add-in | Outlook Add-In can fail to open secure messages with certain URL schemes. |
| 72028 | Server/UI | Data table has no heading or labeled as presentation only (Section 508 compliance). |
| 72029 | Server/UI | Go To Folder button has no name (Section 508 compliance). |
| 72324 | Server/Security | Bugcrowd: Failure to invalidate session upon password change. |
| 72706 | Server/Reports/Security | HTML Injection through certain Custom Reports. |
| 72735 | Server/Downloads | Bypass file upload controls. |
| 72965 | Server/Database | SFTP server executes unnecessary queries during dir list. |
| 73000 | Server/Security | Missing security headers , X-Content-Type-Options and Strict-Transport-Security. |
| 73051 | Server/UI | Group permissions passed down to subfolder when Clear Settings is chosen, depending on user creating subfolder. |
| 75029 | Server/Config Utility | Changing machine URL to https://localhost causes syscheck errors due to cert error. |
| 75355 | Server/Security | Security Report frames_ancestors_missing vulnerability. |
| 75520 | Server/SSH | LDAP users unable to connect using legacy SSH service. |
| 75708 | Status Server | Xfer Status Server can crash on start-up / Live View does not open. |
| 76830 | Server/Security | Component: follow-redirects-1.15.3 has CVE Vulnerability CVE-2023-26159 detected in Application: MOVEit Transfer. |
| 76857 | Server/ISAPI | MOVEitISAPI creates unnecessary database connections |
| 76859 | Server/Security | Component: follow-redirects-1.14.4 has CVE Vulnerability CVE-2023-26159 detected in Application: MOVEit Transfer |
| 76907 | Server/ConfigUtil | DMZ Config Tool allows user to revert to the legacy SSH service with more than one key assigned to a binding. |
| 78067 | Server/FTP | FTP server can be slow for users with lots of folders. |
| 72751 | Server/FTP | Preview request when establishing a connection via the legacy SFTP or the FTP server |
| 80671 | Database/Security | Microsoft SQL Server ODBC and OLE DB Driver for SQL Server vulnerability. |
| 80746 | Server/SFTP | SFTP service can use a lot of memory and CPU. |
| 81229 | Install | Updated versions of MySQL are available. |