Lucene search

[email protected]CVE-2019-11654

HistoryAug 23, 2019 - 6:15 p.m.

CVE-2019-11654

2019-08-2318:15:11

CWE-22

[email protected]

web.nvd.nist.gov

cve-2019-11654

path traversal

micro focus verastream host integrator

vhi

security vulnerability

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.8%

JSON

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.

Affected configurations

NVD

Node

microfocusverastream_host_integratorMatch7.5-

microfocusverastream_host_integratorMatch7.5sp1

microfocusverastream_host_integratorMatch7.6-

microfocusverastream_host_integratorMatch7.6sp1

microfocusverastream_host_integratorMatch7.7-

microfocusverastream_host_integratorMatch7.7sp1

microfocusverastream_host_integratorMatch7.7sp1_update_1

microfocusverastream_host_integratorMatch7.7sp1_update_2

microfocusverastream_host_integratorMatch7.7sp2

CPENameOperatorVersion
microfocus:verastream_host_integratormicrofocus verastream host integratoreq7.5
microfocus:verastream_host_integratormicrofocus verastream host integratoreq7.6
microfocus:verastream_host_integratormicrofocus verastream host integratoreq7.7

CPE	Name	Operator	Version
microfocus:verastream_host_integrator	microfocus verastream host integrator	eq	7.5
microfocus:verastream_host_integrator	microfocus verastream host integrator	eq	7.6
microfocus:verastream_host_integrator	microfocus verastream host integrator	eq	7.7

CNA Affected

[
  {
    "product": "Verastream Host Integrator ",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThan": "7.7 SP2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

support.microfocus.com/kb/doc.php?id=7024061

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2019-11654

prion1 cvelist1 nvd1