Known Vulnerabilities for products from Ipswitch
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ipswitch".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-18465 | In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in withou... | 9.8 - CRITICAL | 2019-10-31 | 2019-11-04 |
| CVE-2019-18464 | In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), mu... | 9.8 - CRITICAL | 2019-10-31 | 2019-11-06 |
| CVE-2019-16383 | MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows... | 9.4 - CRITICAL | 2019-09-24 | 2020-04-14 |
| CVE-2019-12146 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attacker... | 9.1 - CRITICAL | 2019-06-11 | 2019-06-12 |
| CVE-2019-12145 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attac... | 7.5 - HIGH | 2019-06-11 | 2019-06-12 |
| CVE-2019-12144 | An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability ... | 9.8 - CRITICAL | 2019-06-11 | 2019-06-12 |
| CVE-2018-8939 | An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially ... | 9.8 - CRITICAL | 2018-05-01 | 2018-06-13 |
| CVE-2018-8938 | A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors c... | 9.8 - CRITICAL | 2018-05-01 | 2018-06-13 |
| CVE-2018-6545 | Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attac... | 6.1 - MEDIUM | 2018-02-02 | 2018-02-14 |
| CVE-2018-5778 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are pr... | 9.8 - CRITICAL | 2018-01-24 | 2018-02-09 |
| CVE-2018-5777 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a miscon... | 9.8 - CRITICAL | 2018-01-24 | 2019-10-03 |
| CVE-2017-16513 | Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, a... | 7.8 - HIGH | 2017-11-03 | 2017-11-27 |
| CVE-2017-12639 | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary ... | 9.8 - CRITICAL | 2017-10-03 | 2017-10-10 |
| CVE-2017-12638 | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary ... | 9.8 - CRITICAL | 2017-10-03 | 2017-10-10 |
| CVE-2017-6195 | Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer... | 9.8 - CRITICAL | 2017-05-18 | 2017-05-26 |
| CVE-2016-1000000 | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | 8.8 - HIGH | 2016-10-06 | 2017-11-03 |
| CVE-2015-8261 | The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML ... | 9.8 - CRITICAL | 2016-01-08 | 2017-09-10 |
| CVE-2015-7680 | Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user ac... | 5.3 - MEDIUM | 2016-02-10 | 2016-02-18 |
| CVE-2015-7679 | Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary w... | 6.1 - MEDIUM | 2016-02-10 | 2016-02-18 |
| CVE-2015-7678 | Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attac... | 8.8 - HIGH | 2016-02-10 | 2016-02-18 |
Known software with vulnerabilities from Ipswitch
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ipswitch | Imail | 5.0 |
| Application | Ipswitch | Imail Client | 9.22 |
| Application | Ipswitch | Imail Express | 8.03 |
| Application | Ipswitch | Imail Plus | 2006 |
| Application | Ipswitch | Imail Premium | 2006 |
| Application | Ipswitch | Imail Secure Server | 2006 |
| Application | Ipswitch | Imail Server | 8.2 |
| Application | Ipswitch | Imserver | 2.0.5.30 |
| Application | Ipswitch | Instant Messaging | 2.0 |
| Application | Ipswitch | Ipswitch Collaboration Suite | 2.0 |
| Application | Ipswitch | Ipswitch Secure Server | 2006 |
| Application | Ipswitch | Moveit | 8.1 |
| Application | Ipswitch | Moveit Dmz | 8.1 |
| Application | Ipswitch | Moveit Mobile | 1.2.0.962 |
| Application | Ipswitch | Moveit Transfer | 10.2.0 |
| Application | Ipswitch | Whatsup | 2005 |
| Application | Ipswitch | Whatsup Gold | 7.0 |
| Application | Ipswitch | Wincom Lpd | 1.00.90 |
| Application | Ipswitch | Ws Ftp | 1.0.5 |
| Application | Ipswitch | Ws Ftp Server | 1.0.1 |