PT-2017-16941 · Ipswitch · Ipswitch Moveit File Transfer+1

Published

2017-05-18

Updated

2017-05-26

CVE-2017-6195

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ipswitch MOVEit Transfer versions prior to 2017 9.0.0.201 Ipswitch MOVEit DMZ versions prior to 8.3.0.30 Ipswitch MOVEit DMZ versions prior to 8.2.0.20

Description The issue allows for pre-authentication blind SQL injection.

Recommendations For Ipswitch MOVEit Transfer versions prior to 2017 9.0.0.201, update to version 2017 9.0.0.201 or later. For Ipswitch MOVEit DMZ versions prior to 8.3.0.30, update to version 8.3.0.30 or later. For Ipswitch MOVEit DMZ versions prior to 8.2.0.20, update to version 8.2.0.20 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-6195

Affected Products

Ipswitch Moveit Dmz

Ipswitch Moveit File Transfer

PT-2017-16941 · Ipswitch · Ipswitch Moveit File Transfer+1

CVE-2017-6195

Weakness Enumeration

Related Identifiers

Affected Products

References · 4