CVE-2017-7433
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).
Una vulnerabilidad de salto de directorio (CWE-36) en Micro Focus Vibe 4.0.2 y versiones anteriores permite a un atacante remoto autenticado descargar archivos arbitrarios del servidor mediante el envío de una solicitud especialmente creada al endpoint viewFile. Tenga en cuenta que el ataque se puede realizar sin autenticación si el acceso de invitado está activado (acceso de invitado está desactivado de forma predeterminada).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-05-18 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.novell.com/support/kb/doc.php?id=7019005 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Micro Focus Search vendor "Micro Focus" | Vibe Search vendor "Micro Focus" for product "Vibe" | <= 4.0.2 Search vendor "Micro Focus" for product "Vibe" and version " <= 4.0.2" | - |
Affected
| ||||||