Path traversal vulnerability in Filr web application

  • 7023726
  • 19-Feb-2019
  • 19-Feb-2019

Environment

Filr 3.0

Situation

A path traversal vulnerability in the web application component of Micro Focus Filr 3.0 allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server.

Resolution

This will be addressed by applying Filr 3.0 Security Update 6.

Status

Security Alert

Additional Information

This vulnerability was discovered and researched by Matias Choren from SecureAuth.

CVE-2019-3474