CVE-2019-3489
HIGHMicrofocus Content Manager < 9.3 - Unrestricted File Upload
Title source: ruleDescription
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://softwaresupport.softwaregrp.com/doc/KM03359911
Scores
CVSS v3
7.5
EPSS
0.0067
EPSS Percentile
71.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-434
Status
published
Products (1)
microfocus/content_manager
9.1 - 9.3
Published
Apr 01, 2019
Tracked Since
Feb 18, 2026