CVE-2019-3474

high-risk

Published 2019-02-20

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

Do I need to act?

3.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

46450

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (6)

Filr

Affected Vendors

Microfocus

References (6)

https://download.novell.com/Download?buildid=nZUCSDkvpxk~

https://support.microfocus.com/kb/doc.php?id=7023726

https://www.exploit-db.com/exploits/46450/

https://download.novell.com/Download?buildid=nZUCSDkvpxk~

https://support.microfocus.com/kb/doc.php?id=7023726

https://www.exploit-db.com/exploits/46450/

/ 100

high-risk

Severity 24/34 · High

Exploitability 14/34 · Moderate

Exposure 13/34 · Low