An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.novell.com/support/kb/doc.php?id=7019005 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: microfocus
Published: 2017-05-18T14:00:00
Updated: 2024-08-05T16:04:11.272Z
Reserved: 2017-04-05T00:00:00
Link: CVE-2017-7433
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-05-18T14:29:00.167
Modified: 2023-11-07T02:50:07.790
Link: CVE-2017-7433
Redhat
No data.