Lucene search

[email protected]NVD:CVE-2019-11654

HistoryAug 23, 2019 - 6:15 p.m.

CVE-2019-11654

2019-08-2318:15:11

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

75.7%

JSON

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.

Affected configurations

Nvd

Node

microfocusverastream_host_integratorMatch7.5-

microfocusverastream_host_integratorMatch7.5sp1

microfocusverastream_host_integratorMatch7.6-

microfocusverastream_host_integratorMatch7.6sp1

microfocusverastream_host_integratorMatch7.7-

microfocusverastream_host_integratorMatch7.7sp1

microfocusverastream_host_integratorMatch7.7sp1_update_1

microfocusverastream_host_integratorMatch7.7sp1_update_2

microfocusverastream_host_integratorMatch7.7sp2

VendorProductVersionCPE
microfocusverastream_host_integrator7.5cpe:2.3:a:microfocus:verastream_host_integrator:7.5:-:*:*:*:*:*:*
microfocusverastream_host_integrator7.5cpe:2.3:a:microfocus:verastream_host_integrator:7.5:sp1:*:*:*:*:*:*
microfocusverastream_host_integrator7.6cpe:2.3:a:microfocus:verastream_host_integrator:7.6:-:*:*:*:*:*:*
microfocusverastream_host_integrator7.6cpe:2.3:a:microfocus:verastream_host_integrator:7.6:sp1:*:*:*:*:*:*
microfocusverastream_host_integrator7.7cpe:2.3:a:microfocus:verastream_host_integrator:7.7:-:*:*:*:*:*:*
microfocusverastream_host_integrator7.7cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1:*:*:*:*:*:*
microfocusverastream_host_integrator7.7cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_1:*:*:*:*:*:*
microfocusverastream_host_integrator7.7cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_2:*:*:*:*:*:*
microfocusverastream_host_integrator7.7cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microfocus	verastream_host_integrator	7.5	cpe:2.3:a:microfocus:verastream_host_integrator:7.5:-::::::
microfocus	verastream_host_integrator	7.5	cpe:2.3:a:microfocus:verastream_host_integrator:7.5:sp1::::::
microfocus	verastream_host_integrator	7.6	cpe:2.3:a:microfocus:verastream_host_integrator:7.6:-::::::
microfocus	verastream_host_integrator	7.6	cpe:2.3:a:microfocus:verastream_host_integrator:7.6:sp1::::::
microfocus	verastream_host_integrator	7.7	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:-::::::
microfocus	verastream_host_integrator	7.7	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1::::::
microfocus	verastream_host_integrator	7.7	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_1::::::
microfocus	verastream_host_integrator	7.7	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_2::::::
microfocus	verastream_host_integrator	7.7	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp2::::::

References

support.microfocus.com/kb/doc.php?id=7024061

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

75.7%

JSON

Related for NVD:CVE-2019-11654

prion1 cve1 cvelist1