Path Traversal Vulnerability (CVE-2019-11654)

  • 7024061
  • 13-Aug-2019
  • 21-Aug-2019

Environment

Verastream Host Integrator version 7.7 SP2 and earlier

Situation

A path traversal vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows remote unauthenticated attackers to read arbitrary files. This vulnerability affects VHI versions 7.7 SP2 and earlier.

Resolution

An update, VHI 7.7 SP2 Update 1, that fixes this vulnerability is available to maintained customers through the download website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible. 

Status

Security Alert

Additional Information

CVE Reference and CVSS Version 3.0 and Version 2.0 Base Metrics:

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11654

CVSS:3.0AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.6

 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

7.8


Feedback service temporarily unavailable. For content questions or problems, please contact Support.