CVE-2023-32268 – Administrator equivalent Filr user can access proxy administrator credentials
https://notcve.org/view.php?id=CVE-2023-32268
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Exposición de las credenciales de administrador proxy un usuario de Filr equivalente a un administrador autenticado puede acceder a las credenciales de los administradores proxy. • https://portal.microfocus.com/s/article/KM000020081?language=en_US • CWE-522: Insufficiently Protected Credentials •
CVE-2022-38755 – Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
https://notcve.org/view.php?id=CVE-2022-38755
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. Se ha identificado una vulnerabilidad en Micro Focus Filr en versiones anteriores a la 4.3.1.1. • https://portal.microfocus.com/s/article/KM000011886?language=en_US •
CVE-2020-25838
https://notcve.org/view.php?id=CVE-2020-25838
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. Una vulnerabilidad de divulgación de información confidencial no autorizada en el producto Micro Focus Filr. Afectando a todas las versiones 3.x y 4.x. • https://softwaresupport.softwaregrp.com/doc/KM03767186 •
CVE-2020-25832
https://notcve.org/view.php?id=CVE-2020-25832
Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. Una vulnerabilidad de tipo Cross Site scripting reflejada en el producto Micro Focus Filr, afectando a la versión 4.2.1. La vulnerabilidad podría ser explotada para llevar a cabo un ataque de tipo XSS reflejado • https://softwaresupport.softwaregrp.com/doc/KM03763396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3475 – Local privilege escalation in Filr famtd
https://notcve.org/view.php?id=CVE-2019-3475
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. Una vulnerabilidad de escalado de privilegios local en el componente famtd de Micro Focus Filr 3.0 permite que un atacante local autenticado como usuario con bajos privilegios escale a root. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6. Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46450 https://download.novell.com/Download?buildid=nZUCSDkvpxk~ https://support.microfocus.com/kb/doc.php?id=7023727 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •