6.5
CVE-2019-3474
- EPSS 3.45%
- Veröffentlicht 20.02.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:06
- Quelle security@opentext.com
- Teams Watchlist Login
- Unerledigt Login
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microfocus ≫ Filr Version3.0 Update-
Microfocus ≫ Filr Version3.0 Updateupdate_1
Microfocus ≫ Filr Version3.0 Updateupdate_2
Microfocus ≫ Filr Version3.0 Updateupdate_3
Microfocus ≫ Filr Version3.0 Updateupdate_4
Microfocus ≫ Filr Version3.0 Updateupdate_5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.45% | 0.871 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| security@opentext.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.