Vulnerability Details : CVE-2019-3489
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.
Published
2019-04-01 20:29:01
Updated
2019-04-02 17:57:30
Products affected by CVE-2019-3489
- cpe:2.3:a:microfocus:content_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3489
- 0.16%: Probability of exploitation activity in the next 30 days
- ~52%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3489
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-3489
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-3489
- https://softwaresupport.softwaregrp.com/doc/KM03359911
  MySupport - Micro Focus Software Support (Vendor Advisory)