CVE-2015-7677

Name of the Vulnerable Software and Affected Versions Ipswitch MOVEit DMZ versions prior to 8.2

Description The issue allows remote authenticated users to enumerate FileIDs due to different error messages provided by the MOVEitISAPI service, depending on whether a FileID exists. This can be achieved via the X-siLock-FileID parameter in a download action to "MOVEitISAPI/MOVEitISAPI.dll".

Recommendations For Ipswitch MOVEit DMZ versions prior to 8.2, update to version 8.2 or later to resolve the issue.