CVE-2019-16384

MEDIUM

Cybele Thinfinity VirtualUI <2.5.17.2 - Path Traversal

Title source: llm
STIX 2.1

Description

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0109
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
cybelesoft/thinfinity_virtualui < 2.5.17.2
Published Jun 04, 2020
Tracked Since Feb 18, 2026