CVE-2019-3474
Path traversal vulnerability in Filr web application
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Una vulnerabilidad de salto de directorio en el componente de aplicaciĆ³n web de Micro Focus Filr, en versiones 3.x, permite que un atacante remoto autenticado como usuario con pocos privilegios descargue archivos arbitrarios del servidor Filr. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6.
Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities.
*Credits:
This vulnerability was discovered and researched by Matias Choren from SecureAuth.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-31 CVE Reserved
- 2019-02-20 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://download.novell.com/Download?buildid=nZUCSDkvpxk~ | X_refsource_misc | |
| https://support.microfocus.com/kb/doc.php?id=7023726 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46450 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | - |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_1 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_2 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_3 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_4 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_5 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|