GCVE - cpe:2.3:a:ipswitch:moveit_dmz:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ipswitch:moveit_dmz:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ipswitch (`f980cf58-ade3-5008-97dc-5202aeb62886`)
Product	Moveit Dmz (`bf153cf7-3538-5d9a-b224-4094a8b87fb0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-6195`	vulnerable	2026-06-03 14:37:27.413691	Details available Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. Published: 2017-05-18T06:13:00.000Z Updated: 2024-08-05T15:25:49.036Z Open on db.gcve.eu Reference links http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7680`	vulnerable	2026-06-03 14:35:09.643490	Details available Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx. Published: 2016-02-10T15:00:00.000Z Updated: 2024-08-06T07:58:58.818Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2016/Jan/95 https://profundis-labs.com/advisories/CVE-2015-7680.txt http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf http://packetstormsecurity.com/files/135462/Ipswitch-MOVEit-DMZ-8.1-Information-Disclosure.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7677`	vulnerable	2026-06-03 14:35:09.642556	Details available The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll. Published: 2016-02-10T15:00:00.000Z Updated: 2024-08-06T07:58:59.668Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2016/Jan/95 http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf http://packetstormsecurity.com/files/135459/Ipswitch-MOVEit-DMZ-8.1-File-ID-Enumeration.html https://www.profundis-labs.com/advisories/CVE-2015-7677.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7676`	vulnerable	2026-06-03 14:35:09.642213	Details available Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. Published: 2016-04-15T15:00:00.000Z Updated: 2024-08-06T07:58:59.613Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2016/Jan/95 http://www.securityfocus.com/bid/90574 http://packetstormsecurity.com/files/135458/Ipswitch-MOVEit-DMZ-8.1-Persistent-Cross-Site-Scripting.html https://profundis-labs.com/advisories/CVE-2015-7676.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7675`	vulnerable	2026-06-03 14:35:09.640695	Details available The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx. Published: 2016-02-10T15:00:00.000Z Updated: 2024-08-06T07:58:59.795Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2016/Jan/95 http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html https://www.profundis-labs.com/advisories/CVE-2015-7675.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.