CVE-2015-7677

MEDIUM

Ipswitch MOVEit DMZ <8.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Jan/95

Scores

CVSS v3 4.3
EPSS 0.0295
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
ipswitch/moveit_dmz < 8.1
Published Feb 10, 2016
Tracked Since Feb 18, 2026