MOVEit Transfer Vulnerability

July 17, 2023

ADP is aware of the following MOVEit Transfer Vulnerabilities:

• CVE-2023-34362
• CVE-2023-35708
• CVE-2023-35036
• CVE-2023-36932
• CVE-2023-36933
• CVE-2023-36934

Upon receiving reports regarding these vulnerabilities, ADP’s Global Security Organization began an investigation to determine any potential impacts to our system. At this time, we can confirm that ADP does not currently utilize the MOVEit Transfer software, and no ADP systems or client data was impacted.

ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

ADP’s Global Security Organization continues to actively monitor and respond to this developing situation as it does with all reported vulnerabilities. Clients are encouraged to visit ADP’s website at www.adp.com/trust to see Security Alerts to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP.