Abrigo experienced a critical incident on June 15, 2023 affecting File Transfer (transfer.abrigo.com), lasting 20h 49m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified Jun 15, 2023, 06:29 PM UTC
On June 15, 2023 Progress Software disclosed a new privilege escalation vulnerability in MoveIT Transfer (MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) - Progress Community). This is a new vulnerability subsequent to the disclosure of CVE-2023-34362 (MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362) - Progress Community) which was previously fully patched per vendor recommendations. Per the recommendation of the vendor, Abrigo has disabled the service to prevent HTTP/HTTPS traffic into the system until such time as the vendor makes a patch or viable workaround available
- monitoring Jun 16, 2023, 11:41 AM UTC
The vendor provided a security patch, which the Abrigo team has successfully tested and implemented. Abrigo has re-enabled the MOVEit service. For our Financial Crime clients, at 7:00am CDT Abrigo will complete testing and begin the backend process of importing your files. This is expected to run through 9:00am CDT this morning. For all other clients, files will be imported when files are received. We have updated our impact statement and made it available here in our Due Diligence Portal.
- resolved Jun 16, 2023, 03:19 PM UTC
This incident has been resolved.