Details of VAR-201602-0295

ID

VAR-201602-0295

CVE

CVE-2015-7680

TITLE

Ipswitch MOVEit DMZ Vulnerable to enumerating user names

Trust: 0.8

sources: JVNDB: JVNDB-2015-006877

DESCRIPTION

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx. Ipswitch MOVEit is an automated file transfer system from Ipswitch Corporation in the United States. The system supports control, management, and visibility into all business-critical file transfer activities through a single, secure system. DMZ is one version of this. There is a security vulnerability in Ipswitch MOVEit DMZ versions prior to 8.2

Trust: 1.71

sources: NVD: CVE-2015-7680 // JVNDB: JVNDB-2015-006877 // VULHUB: VHN-85641

AFFECTED PRODUCTS

vendor:	ipswitch	model:	moveit dmz	scope:	lte	version:	8.1	Trust: 1.0
vendor:	ipswitch	model:	moveit dmz	scope:	lt	version:	8.2	Trust: 0.8
vendor:	ipswitch	model:	moveit dmz	scope:	eq	version:	8.1	Trust: 0.6

sources: JVNDB: JVNDB-2015-006877 // CNNVD: CNNVD-201602-211 // NVD: CVE-2015-7680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7680
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7680
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-211
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85641
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7680
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85641
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7680
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-85641 // JVNDB: JVNDB-2015-006877 // CNNVD: CNNVD-201602-211 // NVD: CVE-2015-7680

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-85641 // JVNDB: JVNDB-2015-006877 // NVD: CVE-2015-7680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-211

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-211

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006877

PATCH

title:	MOVEit DMZ Release Notes 8.2	url:	http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf	Trust: 0.8
title:	Ipswitch MOVEit DMZ Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60153	Trust: 0.6

sources: JVNDB: JVNDB-2015-006877 // CNNVD: CNNVD-201602-211

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7680	Trust: 2.5
db:	PACKETSTORM	id:	135462	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-006877	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-211	Trust: 0.7
db:	VULHUB	id:	VHN-85641	Trust: 0.1

sources: VULHUB: VHN-85641 // JVNDB: JVNDB-2015-006877 // CNNVD: CNNVD-201602-211 // NVD: CVE-2015-7680

REFERENCES

url:	http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2016/jan/95	Trust: 1.7
url:	http://packetstormsecurity.com/files/135462/ipswitch-moveit-dmz-8.1-information-disclosure.html	Trust: 1.7
url:	https://profundis-labs.com/advisories/cve-2015-7680.txt	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7680	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7680	Trust: 0.8
url:	https://www.profundis-labs.com/advisories/cve-2015-7680.txt	Trust: 0.8

sources: VULHUB: VHN-85641 // JVNDB: JVNDB-2015-006877 // CNNVD: CNNVD-201602-211 // NVD: CVE-2015-7680

SOURCES

db:	VULHUB	id:	VHN-85641
db:	JVNDB	id:	JVNDB-2015-006877
db:	CNNVD	id:	CNNVD-201602-211
db:	NVD	id:	CVE-2015-7680

LAST UPDATE DATE

2025-04-13T23:03:13.969000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85641	date:	2016-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-006877	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-211	date:	2016-02-15T00:00:00
db:	NVD	id:	CVE-2015-7680	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85641	date:	2016-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006877	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-211	date:	2016-02-15T00:00:00
db:	NVD	id:	CVE-2015-7680	date:	2016-02-10T15:59:04.507