PT-2019-16596 · Micro Focus · Micro Focus Content Manager

Published: 2019-04-01 · Updated: 2019-04-02 · CVE-2019-3489

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Micro Focus Content Manager versions 9.1 through 9.3

Description

An unauthenticated file upload issue has been identified in the Web Client component when configured to use the ADFS authentication method. This could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the server.

Recommendations

For versions 9.1 through 9.3, consider disabling the ADFS authentication method in the Web Client component until a patch is available. Restrict access to the Web Client component to minimize the risk of exploitation.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-3489

Affected Products

Micro Focus Content Manager