Vulnerability Description
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inetsoftware | Clear Reports | >= 16.0, <= 19.2 |
| Inetsoftware | Helpdesk | >= 8.0, <= 8.3 |
| Inetsoftware | Pdfc | >= 4.3, <= 6.2 |
Related Weaknesses (CWE)
References
- https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/cRelease NotesVendor Advisory
- https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2PatchVendor Advisory
- https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-Vendor Advisory
- https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-0PatchVendor Advisory
- https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/cRelease NotesVendor Advisory
- https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2PatchVendor Advisory
- https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-Vendor Advisory
- https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-0PatchVendor Advisory
FAQ
What is CVE-2020-11431?
CVE-2020-11431 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the...
How severe is CVE-2020-11431?
CVE-2020-11431 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-11431?
Check the references section above for vendor advisories and patch information. Affected products include: Inetsoftware Clear Reports, Inetsoftware Helpdesk, Inetsoftware Pdfc.