PT-2020-12604 · I Net · I-Net Clear Reports

Published

2020-05-07

Updated

2020-05-12

CVE-2020-11431

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions i-net Clear Reports versions 16.0 through 19.2 HelpDesk versions 8.0 through 8.3 PDFC versions 4.3 through 6.2

Description The issue allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal. This is related to the documentation component.

Recommendations For i-net Clear Reports versions 16.0 through 19.2, update to a version that fixes the Directory Traversal issue in the documentation component. For HelpDesk versions 8.0 through 8.3, update to a version that fixes the Directory Traversal issue in the documentation component. For PDFC versions 4.3 through 6.2, update to a version that fixes the Directory Traversal issue in the documentation component. As a temporary workaround, consider restricting access to the documentation component until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-11431

Affected Products

I-Net Clear Reports

PT-2020-12604 · I Net · I-Net Clear Reports

CVE-2020-11431

Weakness Enumeration

Related Identifiers

Affected Products

References · 7