CVE-2015-7675

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ipswitch:moveit_dmz:*:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:moveit_mobile:*:*:*:*:*:*:*:*

Information

Published : 2016-02-10 07:59

Updated : 2016-02-18 14:45


NVD link : CVE-2015-7675

Mitre link : CVE-2015-7675


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

ipswitch

  • moveit_mobile
  • moveit_dmz