📦

moveit_dmz

Vendor: ipswitch

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 25 Total Indexed

Avg. EPSS 0.02% Exploit Prob.

Latest CVE CVE-2017-6195 May 18

Security Vulnerability Index

Page 1 / 3

9.8 CVSS

CVE-2017-6195

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.

EPSS: 0.04%

Severity: CRITICAL

May 18, 2017

5.4 CVSS

CVE-2015-7676

Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.

EPSS: 0.02%

Severity: MEDIUM

Apr 15, 2016

5.3 CVSS

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.

EPSS: 0.03%

Severity: MEDIUM

Feb 10, 2016

4.3 CVSS

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

EPSS: 0.02%

Severity: MEDIUM

Feb 10, 2016

6.5 CVSS

CVE-2015-7675

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.

EPSS: 0.01%

Severity: MEDIUM

Feb 10, 2016

Displaying 5 of 25 Total Entries

1 2 3

Total 3 Sections