CVE-2017-7433 — MEDIUM (6.5)

Q: How severe is CVE-2017-7433?

CVE-2017-7433 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-7433?

Check the references section above for vendor advisories and patch information. Affected products include: Micro Focus Vibe.

Vulnerability Description

An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Micro Focus	Vibe	<= 4.0.2

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2017-7433?

CVE-2017-7433 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cra...

How severe is CVE-2017-7433?

CVE-2017-7433 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7433?

Check the references section above for vendor advisories and patch information. Affected products include: Micro Focus Vibe.