CVE-2019-3489

HIGH

Micro Focus Content Manager 9.1-9.3 - Unauthenticated Arbitrary File Upload via Web Client

Title source: llm

Description

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://softwaresupport.softwaregrp.com/doc/KM03359911

Scores

CVSS v3 7.5

EPSS 0.0169

EPSS Percentile 74.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-434

Status published

Products (1)

microfocus/content_manager 9.1 - 9.3

Published Apr 01, 2019

Tracked Since Feb 18, 2026