CVE-2019-3474

Path traversal vulnerability in Filr web application

CVSS 6.5 MEDIUMEPSS 9.0%CWE-22

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Micro Focus · Filr

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/46450/unverified exploitdbwww.exploit-db.com/exploits/46450unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://download.novell.com/Download?buildid=nZUCSDkvpxk~https://support.microfocus.com/kb/doc.php?id=7023726 https://www.exploit-db.com/exploits/46450/