CVE-2019-8385

CRITICAL

Thomsonreuters Concourse Matter Room < 2.13.0098 - Path Traversal

Title source: rule

Description

An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.

Exploits (1)

exploitdb SCANNER
by 0v3rride · pythonwebappswindows
https://www.exploit-db.com/exploits/46615

References (2)

Scores

CVSS v3 9.8
EPSS 0.1070
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
thomsonreuters/concourse_matter_room < 2.13.0098
thomsonreuters/firm_central_desktop < 2.13.0098
Published Jun 05, 2019
Tracked Since Feb 18, 2026