CVE-2019-3474

MEDIUM

Microfocus Filr - Path Traversal

Title source: rule
STIX 2.1

Description

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SecureAuth · textwebappslinux
https://www.exploit-db.com/exploits/46450

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46450/
Various Sources x_refsource_misc
https://support.microfocus.com/kb/doc.php?id=7023726

Scores

CVSS v3 6.5
EPSS 0.0326
EPSS Percentile 87.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
microfocus/filr 3.0 (6 CPE variants)
Published Feb 20, 2019
Tracked Since Feb 18, 2026