CVE-2019-3474

MEDIUM

Micro Focus Filr 3.x - Authenticated Path Traversal and Arbitrary File Read

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-3474. PoCs published by SecureAuth.

AI-analyzed exploit summary: The exploit demonstrates a path traversal vulnerability (CVE-2019-3474) and a local privilege escalation (CVE-2019-3475) in Micro Focus Filr. The path traversal allows reading arbitrary files, while the LPE involves replacing a daemon binary to gain root access.

Description

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SecureAuth · text · webapps · linux
https://www.exploit-db.com/exploits/46450

Classification: Working PoC 100%
Attack Type: Info Leak | LPE
Complexity: Moderate
Reliability: Reliable
Target: Micro Focus Filr 3.4.0.217
Auth required
Prerequisites: Authenticated user access · Ability to upload files · Local access for LPE
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46450/
Various Sources x_refsource_misc
https://support.microfocus.com/kb/doc.php?id=7023726

Scores

CVSS v3: 6.5
EPSS: 0.0895
EPSS Percentile: 94.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1): microfocus/filr 3.0 (6 CPE variants)
Published: Feb 20, 2019
Tracked Since: Feb 18, 2026