PT-2019-12282 · Rapid4 · Rapidflows Enterprise Application Builder

Published: 2019-05-14 · Updated: 2024-02-14 · CVE-2019-11397

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Rapid4 RapidFlows Enterprise Application Builder version 4.5M.23

Description

The issue allows for Local File Inclusion via the FileDesc parameter in the GetFile.aspx file. This can be exploited when the software is used with .NET Framework 4.5.

Recommendations

For version 4.5M.23, consider restricting access to the GetFile.aspx file or avoiding the use of the FileDesc parameter until a fix is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-11397

Affected Products

.Net Framework
Rapidflows Enterprise Application Builder