Search criteria
18 vulnerabilities found for filr by microfocus
FKIE_CVE-2023-32268
Vulnerability from fkie_nvd - Published: 2023-12-06 14:15 - Updated: 2024-11-21 08:03
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | filr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7335361-D90F-4A63-AF4F-1D401C1BFB86",
"versionEndExcluding": "23.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nExposure of Proxy Administrator Credentials\n\nAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de las credenciales de administrador proxy un usuario de Filr equivalente a un administrador autenticado puede acceder a las credenciales de los administradores proxy."
}
],
"id": "CVE-2023-32268",
"lastModified": "2024-11-21T08:03:00.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-06T14:15:07.347",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-38755
Vulnerability from fkie_nvd - Published: 2022-11-21 17:15 - Updated: 2024-11-21 07:17
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | filr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87333A56-4C86-4BCA-9E4E-37DFF18D6536",
"versionEndExcluding": "4.3.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Micro Focus Filr en versiones anteriores a la 4.3.1.1. La vulnerabilidad podr\u00eda explotarse para permitir que un atacante remoto no autenticado enumere los usuarios v\u00e1lidos del sistema. Enumeraci\u00f3n remota de usuarios no autenticados. Este problema afecta a: Versiones de Micro Focus Filr anteriores a la 4.3.1.1."
}
],
"id": "CVE-2022-38755",
"lastModified": "2024-11-21T07:17:01.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-21T17:15:27.823",
"references": [
{
"source": "security@opentext.com",
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-25838
Vulnerability from fkie_nvd - Published: 2020-12-11 02:15 - Updated: 2024-11-21 05:18
Severity ?
Summary
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | filr | * | |
| microfocus | filr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D990CF-ADAD-4684-BCF7-793AC866A448",
"versionEndExcluding": "3.4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0919AB56-74F9-4C71-818E-EE12207E3B72",
"versionEndExcluding": "4.2.1.1.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial no autorizada en el producto Micro Focus Filr.\u0026#xa0;Afectando a todas las versiones 3.x y 4.x.\u0026#xa0;La vulnerabilidad podr\u00eda ser explotada para revelar informaci\u00f3n confidencial no autorizada"
}
],
"id": "CVE-2020-25838",
"lastModified": "2024-11-21T05:18:52.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T02:15:11.350",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-25832
Vulnerability from fkie_nvd - Published: 2020-11-17 02:15 - Updated: 2024-11-21 05:18
Severity ?
Summary
Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | filr | 4.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:filr:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2059AF8B-39CD-4BCA-9A7A-D0AF53A9C93D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site scripting reflejada en el producto Micro Focus Filr, afectando a la versi\u00f3n 4.2.1. La vulnerabilidad podr\u00eda ser explotada para llevar a cabo un ataque de tipo XSS reflejado"
}
],
"id": "CVE-2020-25832",
"lastModified": "2024-11-21T05:18:51.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-17T02:15:13.487",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-3474
Vulnerability from fkie_nvd - Published: 2019-02-20 22:29 - Updated: 2024-11-21 04:42
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| suse | suse_linux_enterprise_server | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58764C6E-A22A-4732-8707-4D2E9F7112F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "4890BAB5-1505-4FC3-92B5-EB08FDE93DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "F8437EBB-AAC3-4E10-BD30-7E41FED762A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7F05D20C-3CEA-4A9A-AC7E-7233BA58E624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "B842ABF3-85AE-4369-9997-F3A5982F9F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "6BD7B9AE-7249-44B5-9A99-E2EC85E4A723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*",
"matchCriteriaId": "93AD897C-C9F7-4B4D-BC39-5E13920383D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en el componente de aplicaci\u00f3n web de Micro Focus Filr, en versiones 3.x, permite que un atacante remoto autenticado como usuario con pocos privilegios descargue archivos arbitrarios del servidor Filr. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6."
}
],
"id": "CVE-2019-3474",
"lastModified": "2024-11-21T04:42:06.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-20T22:29:00.273",
"references": [
{
"source": "security@opentext.com",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
},
{
"source": "security@opentext.com",
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/46450/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-3475
Vulnerability from fkie_nvd - Published: 2019-02-20 22:29 - Updated: 2024-11-21 04:42
Severity ?
Summary
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| microfocus | filr | 3.0 | |
| suse | suse_linux_enterprise_server | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58764C6E-A22A-4732-8707-4D2E9F7112F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "4890BAB5-1505-4FC3-92B5-EB08FDE93DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "F8437EBB-AAC3-4E10-BD30-7E41FED762A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7F05D20C-3CEA-4A9A-AC7E-7233BA58E624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "B842ABF3-85AE-4369-9997-F3A5982F9F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:filr:3.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "6BD7B9AE-7249-44B5-9A99-E2EC85E4A723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*",
"matchCriteriaId": "93AD897C-C9F7-4B4D-BC39-5E13920383D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalado de privilegios local en el componente famtd de Micro Focus Filr 3.0 permite que un atacante local autenticado como usuario con bajos privilegios escale a root. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6."
}
],
"id": "CVE-2019-3475",
"lastModified": "2024-11-21T04:42:06.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@opentext.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-20T22:29:00.337",
"references": [
{
"source": "security@opentext.com",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"source": "security@opentext.com",
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/46450/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-32268 (GCVE-0-2023-32268)
Vulnerability from cvelistv5 – Published: 2023-12-06 13:29 – Updated: 2024-08-02 15:10
VLAI?
Title
Administrator equivalent Filr user can access proxy administrator credentials
Summary
Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
Severity ?
7.2 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"64 bit"
],
"product": "Filr",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "23.2",
"status": "affected",
"version": "5.x",
"versionType": "rpm"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nExposure of Proxy Administrator Credentials\u003cbr\u003e\u003cbr\u003eAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.\n\n"
}
],
"value": "\nExposure of Proxy Administrator Credentials\n\nAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T13:29:03.979Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nOpenText Filr 23.2.1 release has the fix for this vulnerability\n\n\u003cbr\u003e"
}
],
"value": "\nOpenText Filr 23.2.1 release has the fix for this vulnerability\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Administrator equivalent Filr user can access proxy administrator credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-32268",
"datePublished": "2023-12-06T13:29:03.979Z",
"dateReserved": "2023-05-05T14:42:20.153Z",
"dateUpdated": "2024-08-02T15:10:24.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38755 (GCVE-0-2022-38755)
Vulnerability from cvelistv5 – Published: 2022-11-21 00:00 – Updated: 2025-04-29 20:32
VLAI?
Title
Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
Summary
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
Severity ?
5.3 (Medium)
CWE
- Remote unauthenticated user enumeration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Filr |
Affected:
unspecified , < 4.3.1.1
(custom)
|
Credits
Micro Focus would like to thank Christopher Haller and Matthew Sparrow from Centripetal for their work discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T20:29:39.763755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:32:05.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Filr ",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "4.3.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Christopher Haller and Matthew Sparrow from Centripetal for their work discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote unauthenticated user enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-21T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus Filr:\nPlease update to Micro Focus Filr 4.3.1.1 or newer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38755",
"datePublished": "2022-11-21T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:32:05.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25838 (GCVE-0-2020-25838)
Vulnerability from cvelistv5 – Published: 2020-12-11 01:37 – Updated: 2024-08-04 15:40
VLAI?
Summary
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
Severity ?
No CVSS data available.
CWE
- Unauthorized disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:37.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 3.x and 4.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"version_value": "All 3.x and 4.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03767186",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25838",
"datePublished": "2020-12-11T01:37:27",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:37.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25832 (GCVE-0-2020-25832)
Vulnerability from cvelistv5 – Published: 2020-11-17 01:06 – Updated: 2024-08-04 15:40
VLAI?
Summary
Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.
Severity ?
No CVSS data available.
CWE
- Reflected Cross Site scripting.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Filr |
Affected:
4.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:00",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"version_value": "4.2.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03763396",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25832",
"datePublished": "2020-11-17T01:06:21",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3475 (GCVE-0-2019-3475)
Vulnerability from cvelistv5 – Published: 2019-02-20 22:00 – Updated: 2024-08-04 19:12
VLAI?
Title
Local privilege escalation in Filr famtd
Summary
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Severity ?
7.8 (High)
CWE
- CWE-264 - Privileges, and Access Control [CWE-264]
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Filr |
Affected:
3 , < 3.0 Security Update 6
(custom)
|
Credits
This vulnerability was discovered and researched by Matias Choren from SecureAuth.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.0 Security Update 6",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "Privileges, and Access Control [CWE-264]",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:08",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation in Filr famtd",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3475",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation in Filr famtd"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3",
"version_value": "3.0 Security Update 6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileges, and Access Control [CWE-264]"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46450",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7023727",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"name": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~",
"refsource": "MISC",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3475",
"datePublished": "2019-02-20T22:00:00",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3474 (GCVE-0-2019-3474)
Vulnerability from cvelistv5 – Published: 2019-02-20 22:00 – Updated: 2024-08-04 19:12
VLAI?
Title
Path traversal vulnerability in Filr web application
Summary
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Path traversal [CWE-22]
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Filr |
Affected:
3 , < 3.0 Security Update 6
(custom)
|
Credits
This vulnerability was discovered and researched by Matias Choren from SecureAuth.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.0 Security Update 6",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path traversal [CWE-22]",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in Filr web application",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3474",
"STATE": "PUBLIC",
"TITLE": "Path traversal vulnerability in Filr web application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3",
"version_value": "3.0 Security Update 6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal [CWE-22]"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46450",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"name": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~",
"refsource": "MISC",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7023726",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3474",
"datePublished": "2019-02-20T22:00:00",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32268 (GCVE-0-2023-32268)
Vulnerability from nvd – Published: 2023-12-06 13:29 – Updated: 2024-08-02 15:10
VLAI?
Title
Administrator equivalent Filr user can access proxy administrator credentials
Summary
Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
Severity ?
7.2 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"64 bit"
],
"product": "Filr",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "23.2",
"status": "affected",
"version": "5.x",
"versionType": "rpm"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nExposure of Proxy Administrator Credentials\u003cbr\u003e\u003cbr\u003eAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.\n\n"
}
],
"value": "\nExposure of Proxy Administrator Credentials\n\nAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T13:29:03.979Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nOpenText Filr 23.2.1 release has the fix for this vulnerability\n\n\u003cbr\u003e"
}
],
"value": "\nOpenText Filr 23.2.1 release has the fix for this vulnerability\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Administrator equivalent Filr user can access proxy administrator credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-32268",
"datePublished": "2023-12-06T13:29:03.979Z",
"dateReserved": "2023-05-05T14:42:20.153Z",
"dateUpdated": "2024-08-02T15:10:24.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38755 (GCVE-0-2022-38755)
Vulnerability from nvd – Published: 2022-11-21 00:00 – Updated: 2025-04-29 20:32
VLAI?
Title
Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
Summary
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
Severity ?
5.3 (Medium)
CWE
- Remote unauthenticated user enumeration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Filr |
Affected:
unspecified , < 4.3.1.1
(custom)
|
Credits
Micro Focus would like to thank Christopher Haller and Matthew Sparrow from Centripetal for their work discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T20:29:39.763755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:32:05.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Filr ",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "4.3.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Christopher Haller and Matthew Sparrow from Centripetal for their work discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote unauthenticated user enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-21T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus Filr:\nPlease update to Micro Focus Filr 4.3.1.1 or newer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38755",
"datePublished": "2022-11-21T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:32:05.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25838 (GCVE-0-2020-25838)
Vulnerability from nvd – Published: 2020-12-11 01:37 – Updated: 2024-08-04 15:40
VLAI?
Summary
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
Severity ?
No CVSS data available.
CWE
- Unauthorized disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:37.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 3.x and 4.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"version_value": "All 3.x and 4.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03767186",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25838",
"datePublished": "2020-12-11T01:37:27",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:37.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25832 (GCVE-0-2020-25832)
Vulnerability from nvd – Published: 2020-11-17 01:06 – Updated: 2024-08-04 15:40
VLAI?
Summary
Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.
Severity ?
No CVSS data available.
CWE
- Reflected Cross Site scripting.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Filr |
Affected:
4.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:00",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"version_value": "4.2.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03763396",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25832",
"datePublished": "2020-11-17T01:06:21",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3475 (GCVE-0-2019-3475)
Vulnerability from nvd – Published: 2019-02-20 22:00 – Updated: 2024-08-04 19:12
VLAI?
Title
Local privilege escalation in Filr famtd
Summary
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Severity ?
7.8 (High)
CWE
- CWE-264 - Privileges, and Access Control [CWE-264]
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Filr |
Affected:
3 , < 3.0 Security Update 6
(custom)
|
Credits
This vulnerability was discovered and researched by Matias Choren from SecureAuth.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.0 Security Update 6",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "Privileges, and Access Control [CWE-264]",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:08",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation in Filr famtd",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3475",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation in Filr famtd"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3",
"version_value": "3.0 Security Update 6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileges, and Access Control [CWE-264]"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46450",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7023727",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
},
{
"name": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~",
"refsource": "MISC",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3475",
"datePublished": "2019-02-20T22:00:00",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3474 (GCVE-0-2019-3474)
Vulnerability from nvd – Published: 2019-02-20 22:00 – Updated: 2024-08-04 19:12
VLAI?
Title
Path traversal vulnerability in Filr web application
Summary
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Path traversal [CWE-22]
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Filr |
Affected:
3 , < 3.0 Security Update 6
(custom)
|
Credits
This vulnerability was discovered and researched by Matias Choren from SecureAuth.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Filr",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.0 Security Update 6",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path traversal [CWE-22]",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "46450",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in Filr web application",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3474",
"STATE": "PUBLIC",
"TITLE": "Path traversal vulnerability in Filr web application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3",
"version_value": "3.0 Security Update 6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal [CWE-22]"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46450",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46450/"
},
{
"name": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~",
"refsource": "MISC",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7023726",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3474",
"datePublished": "2019-02-20T22:00:00",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}