CVE-2020-11431

moderate-risk
Published 2020-05-07

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Clear Reports
Helpdesk
Pdfc

Affected Vendors

Inetsoftware

References (8)

Release Notes https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/c...
Patch https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2...
Vendor Advisory https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-...
Patch https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-0...
Release Notes https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/c...
Patch https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2...
Vendor Advisory https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-...
Patch https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-0...
45
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 5/34 · Minimal
Exposure 9/34 · Low