Vulnerability Description
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Filr | 3.0 |
| Suse | Suse Linux Enterprise Server | 11 |
Related Weaknesses (CWE)
References
- https://download.novell.com/Download?buildid=nZUCSDkvpxk~
- https://support.microfocus.com/kb/doc.php?id=7023726
- https://www.exploit-db.com/exploits/46450/
- https://download.novell.com/Download?buildid=nZUCSDkvpxk~
- https://support.microfocus.com/kb/doc.php?id=7023726
- https://www.exploit-db.com/exploits/46450/
FAQ
What is CVE-2019-3474?
CVE-2019-3474 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server....
How severe is CVE-2019-3474?
CVE-2019-3474 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3474?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Filr, Suse Suse Linux Enterprise Server.