Описание
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:microfocus:filr:3.0:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:filr:3.0:update_1:*:*:*:*:*:*
cpe:2.3:a:microfocus:filr:3.0:update_2:*:*:*:*:*:*
cpe:2.3:a:microfocus:filr:3.0:update_3:*:*:*:*:*:*
cpe:2.3:a:microfocus:filr:3.0:update_4:*:*:*:*:*:*
cpe:2.3:a:microfocus:filr:3.0:update_5:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03263
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
EPSS
Процентиль: 87%
0.03263
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
CWE-22