CVE-2019-8385

CRITICAL

Thomsonreuters Concourse Matter Room < 2.13.0098 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8385. PoCs published by 0v3rride.

AI-analyzed exploit summary: This script checks for a directory traversal vulnerability in Thomson Reuters Concourse & Firm Central by sending a GET request to a specified host and port, then analyzing the response for a specific error message. It does not exploit the vulnerability but provides guidance for manual exploitation using Burp Suite.

Description

An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.

Exploits (1)

exploitdb SCANNER
by 0v3rride · python · webapps · windows
https://www.exploit-db.com/exploits/46615

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Thomson Reuters Concourse & Firm Central < 2.13.0097
No auth needed
Prerequisites: Network access to the target service on port 6677 (or 7000-7002) · Service must be running and accessible
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.1964
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-22
Status published
Products (2)
thomsonreuters/concourse_matter_room < 2.13.0098
thomsonreuters/firm_central_desktop < 2.13.0098
Published Jun 05, 2019
Tracked Since Feb 18, 2026