Critical severity9.8NVD Advisory· Published May 18, 2017· Updated May 13, 2026

CVE-2017-6195

Description

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.

Affected products

Ipswitch, Inc./Moveit Dmz3 versions
cpe:2.3:a:ipswitch:moveit_dmz:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ipswitch:moveit_dmz:*:*:*:*:*:*:*:*range: <=8.1
- cpe:2.3:a:ipswitch:moveit_dmz:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:moveit_dmz:8.3:*:*:*:*:*:*:*
Ipswitch, Inc./Moveit Transfer 2017
cpe:2.3:a:ipswitch:moveit_transfer_2017:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdfnvdPatchVendor Advisory
www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txtnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000