Path Traversal Vulnerability (CVE-2019-11654)

Document ID:7024061
Creation Date:13-Aug-2019
Modified Date:21-Aug-2019
- Micro Focus Products:
  Verastream Host Integrator (VHI)

Environment

Verastream Host Integrator version 7.7 SP2 and earlier

Situation

A path traversal vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows remote unauthenticated attackers to read arbitrary files. This vulnerability affects VHI versions 7.7 SP2 and earlier.

Resolution

An update, VHI 7.7 SP2 Update 1, that fixes this vulnerability is available to maintained customers through the download website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible.

Status

Security Alert

Additional Information

CVE Reference and CVSS Version 3.0 and Version 2.0 Base Metrics:

Reference	V3 Vector	V3 Base Score	V2 Vector	V2 Base Score
CVE-2019-11654	CVSS:3.0AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	8.6	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	7.8