Pre-Authentication Blind SQL Injection in Ipswitch MOVEit Transfer (formerly DMZ)

Pre-Authentication Blind SQL Injection in Ipswitch MOVEit Transfer (formerly DMZ)

CVE-2017-6195 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.