CVE-2017-7433

{"id": "CVE-2017-7433", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-05-18T14:29:00.167", "references": [{"url": "https://www.novell.com/support/kb/doc.php?id=7019005", "source": "security@opentext.com"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7019005", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default)."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio (CWE-36) en Micro Focus Vibe 4.0.2 y versiones anteriores permite a un atacante remoto autenticado descargar archivos arbitrarios del servidor mediante el env\u00edo de una solicitud especialmente creada al endpoint viewFile. Tenga en cuenta que el ataque se puede realizar sin autenticaci\u00f3n si el acceso de invitado est\u00e1 activado (acceso de invitado est\u00e1 desactivado de forma predeterminada)."}], "lastModified": "2024-11-21T03:31:53.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:micro_focus:vibe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D74E1B6-E6B5-4C39-8389-553690DCDD28", "versionEndIncluding": "4.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}