Sign-up

ID

VAR-201602-0294


CVE

CVE-2015-7679


TITLE

Ipswitch MOVEit Mobile Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-006876

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. Ipswitch MOVEit is an automated file transfer system from Ipswitch Corporation in the United States. The system supports control, management, and visibility into all business-critical file transfer activities through a single, secure system. Mobile is one version

Trust: 1.71

sources: NVD: CVE-2015-7679 // JVNDB: JVNDB-2015-006876 // VULHUB: VHN-85640

AFFECTED PRODUCTS

vendor:ipswitchmodel:moveit mobilescope:lteversion:1.2.0.962

Trust: 1.0

vendor:ipswitchmodel:moveit mobilescope:ltversion:1.2.2

Trust: 0.8

vendor:ipswitchmodel:moveit mobilescope:eqversion:1.2.0.962

Trust: 0.6

sources: JVNDB: JVNDB-2015-006876 // CNNVD: CNNVD-201602-210 // NVD: CVE-2015-7679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7679
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7679
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-210
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85640
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7679
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85640
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7679
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-85640 // JVNDB: JVNDB-2015-006876 // CNNVD: CNNVD-201602-210 // NVD: CVE-2015-7679

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-85640 // JVNDB: JVNDB-2015-006876 // NVD: CVE-2015-7679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-210

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-210

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006876

PATCH
title:MOVEit DMZ Release Notes 8.2url:http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
Trust: 0.8
title:Ipswitch MOVEit Mobile Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60152
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006876 // 
            
            
            
            CNNVD: CNNVD-201602-210

EXTERNAL IDS
db:NVDid:CVE-2015-7679
Trust: 2.5
db:PACKETSTORMid:135461
Trust: 1.7
db:JVNDBid:JVNDB-2015-006876
Trust: 0.8
db:CNNVDid:CNNVD-201602-210
Trust: 0.7
db:VULHUBid:VHN-85640
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85640 // 
            
            
            
            JVNDB: JVNDB-2015-006876 // 
            
            
            
            CNNVD: CNNVD-201602-210 // 
            
            
            
            NVD: CVE-2015-7679

REFERENCES
url:http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf
Trust: 1.7
url:http://seclists.org/fulldisclosure/2016/jan/95
Trust: 1.7
url:http://packetstormsecurity.com/files/135461/ipswitch-moveit-mobile-1.2.0.962-cross-site-scripting.html
Trust: 1.7
url:https://profundis-labs.com/advisories/cve-2015-7679.txt
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7679
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7679
Trust: 0.8
url:https://www.profundis-labs.com/advisories/cve-2015-7679.txt
Trust: 0.8
sources:
            
            
            VULHUB: VHN-85640 // 
            
            
            
            JVNDB: JVNDB-2015-006876 // 
            
            
            
            CNNVD: CNNVD-201602-210 // 
            
            
            
            NVD: CVE-2015-7679

SOURCES
db:VULHUBid:VHN-85640
db:JVNDBid:JVNDB-2015-006876
db:CNNVDid:CNNVD-201602-210
db:NVDid:CVE-2015-7679

LAST UPDATE DATE
2025-04-13T23:35:05.406000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85640date:2016-02-18T00:00:00
db:JVNDBid:JVNDB-2015-006876date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-210date:2016-02-15T00:00:00
db:NVDid:CVE-2015-7679date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-85640date:2016-02-10T00:00:00
db:JVNDBid:JVNDB-2015-006876date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-210date:2016-02-15T00:00:00
db:NVDid:CVE-2015-7679date:2016-02-10T15:59:03.413