CVE-2015-7675 - OpenCVE

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ipswitch	Moveit Dmz Moveit Mobile

Configuration 1 [-]

OR	cpe:2.3:a:ipswitch:moveit_dmz::::::::
	cpe:2.3:a:ipswitch:moveit_mobile::::::::

References

Link	Resource
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf	Vendor Advisory
http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html	Exploit
http://seclists.org/fulldisclosure/2016/Jan/95
https://www.profundis-labs.com/advisories/CVE-2015-7675.txt	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-02-10T15:00:00

Updated: 2016-02-10T12:57:02

Reserved: 2015-10-02T00:00:00

Link: CVE-2015-7675

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-02-10T15:59:00.100

Modified: 2016-02-18T22:45:25.837

Link: CVE-2015-7675

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-02-10T12:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Jan/95"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7675", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Jan/95"}, {"name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", "refsource": "CONFIRM", "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"}, {"name": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"}, {"name": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt", "refsource": "MISC", "url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7675", "datePublished": "2016-02-10T15:00:00", "dateReserved": "2015-10-02T00:00:00", "dateUpdated": "2016-02-10T12:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipswitch:moveit_dmz:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8C09B13-29FD-4A22-A77F-83B9434DBE33", "versionEndIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipswitch:moveit_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "B93E8747-D8C0-4FBC-BD74-B3A7FC391CD3", "versionEndIncluding": "1.2.0.962", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."}, {"lang": "es", "value": "La funcionalidad \"Send as attachment\" en Ipswitch MOVEit DMZ en versiones anteriores a 8.2 y MOVEit Mobile en versiones anteriores a 1.2.2 permite a usuarios remotos autenticados eludir la autorizaci\u00f3n y leer archivos cargados a trav\u00e9s de un FileID v\u00e1lido en el par\u00e1metro (1) serverFileIds en mobile/sendMsg o (2) arg01 en human.aspx."}], "id": "CVE-2015-7675", "lastModified": "2016-02-18T22:45:25.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-10T15:59:00.100", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Jan/95"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}