CVE-2015-7675

MEDIUM

Ipswitch MOVEit DMZ <8.2, MOVEit Mobile <1.2.2 - Auth Bypass

Title source: llm
STIX 2.1

Description

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.

Scores

CVSS v3 6.5
EPSS 0.0311
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
ipswitch/moveit_dmz < 8.1
ipswitch/moveit_mobile < 1.2.0.962
Published Feb 10, 2016
Tracked Since Feb 18, 2026