Micro Focus Filr 3.0 Update 2

CPE Details

Micro Focus Filr 3.0 Update 2
microfocus
filr
3.0
2019-09-25
14h33 +00:00
2019-09-25
14h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:microfocus:filr:3.0:update_2:*:*:*:*:*:*

Informations

Vendor

microfocus

Product

filr

Version

3.0

Update

update_2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-32268 2023-12-06 13h29 +00:00 Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
7.2
High
CVE-2022-38755 2022-11-20 23h00 +00:00 A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
5.3
Medium
CVE-2020-25838 2020-12-11 00h37 +00:00 Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
6.5
Medium
CVE-2019-3474 2019-02-20 21h00 +00:00 A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
6.5
Medium
CVE-2019-3475 2019-02-20 21h00 +00:00 A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.