PT-2019-16596 · Micro Focus · Micro Focus Content Manager
Published
2019-04-01
·
Updated
2019-04-02
·
CVE-2019-3489
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Micro Focus Content Manager versions 9.1 through 9.3
Description
An unauthenticated file upload issue has been identified in the Web Client component when configured to use the ADFS authentication method. This could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the server.
Recommendations
For versions 9.1 through 9.3, consider disabling the ADFS authentication method in the Web Client component until a patch is available. Restrict access to the Web Client component to minimize the risk of exploitation.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Micro Focus Content Manager