CVE-2020-11431

Sažetak

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.

Reference

https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_19.2
https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2020-apr-06
https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-2020-apr-06
https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-06

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

12-05-2020 - 18:12

Objavljeno

07-05-2020 - 17:15