CVE-2015-7675

The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...

CVE-2015-7678

CVE-2015-7678 affects Ipswitch MOVEit Mobile 1.2.0.962 and earlier. The issue is cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The connected materials confirm the product and vulnerability cla...

CVE-2015-7679

CVE-2015-7679 is a Cross-Site Scripting (XSS) vulnerability in Ipswitch MOVEit Mobile prior to version 1.2.2. The issue allows an attacker to inject arbitrary script/HTML via the query string to the mobile/ endpoint. Connected sources specify MOVEit Mobile affected versions include 1.2.0.962 and ...