Information Disclosure Vulnerability in Ipswitch MOVEit DMZ

Information Disclosure Vulnerability in Ipswitch MOVEit DMZ

CVE-2015-7677 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

Learn more about our Api Penetration Testing.