PT-2016-3821 · Ipswitch · Moveit Dmz
Philipp Rocholl
·
Published
2016-02-10
·
Updated
2016-02-12
·
CVE-2015-7677
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ipswitch MOVEit DMZ versions prior to 8.2
Description
The issue allows remote authenticated users to enumerate FileIDs due to different error messages provided by the MOVEitISAPI service, depending on whether a FileID exists. This can be achieved via the
X-siLock-FileID parameter in a download action to "MOVEitISAPI/MOVEitISAPI.dll".Recommendations
For Ipswitch MOVEit DMZ versions prior to 8.2, update to version 8.2 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moveit Dmz