CVE Vulnerability

CVE-2019-3489

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://softwaresupport.softwaregrp.com/doc/KM03359911 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:microfocus:content_manager:*:*:*:*:*:*:*:*
Information

Published : 2019-04-01 08:29

Updated : 2019-04-02 05:57

NVD link : CVE-2019-3489

Mitre link : CVE-2019-3489

Products Affected

Content Manager

Microfocus

CWE
CWE-434