CVE-2020-11431
CRITICAL
i-net Clear Reports 16.0-19.2, HelpDesk 8.0-8.3, PDFC 4.3-6.2 - Unauthenticated Path Traversal
Title source: llm
Description
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.
References (4)
Release Notes, Vendor Advisory x_refsource_misc
https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_19.2
Patch, Vendor Advisory x_refsource_confirm
https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2020-apr-06
Patch, Vendor Advisory x_refsource_confirm
https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-06
Vendor Advisory x_refsource_confirm
https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-2020-apr-06
Scores
CVSS v3: 9.1
EPSS: 0.0209
EPSS Percentile: 79.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE: CWE-22
Status: published
Products (3)
inetsoftware/clear_reports: 16.0 - 19.2
inetsoftware/helpdesk: 8.0 - 8.3
inetsoftware/pdfc: 4.3 - 6.2
Published: May 07, 2020
Tracked Since: Feb 18, 2026