CVE-2019-11654 - OpenCVE

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Verastream Host Integrator

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:verastream_host_integrator:7.5:-::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.5:sp1::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.6:-::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.6:sp1::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:-::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_1::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_2::::::
	cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp2::::::

References

Link	Resource
https://support.microfocus.com/kb/doc.php?id=7024061

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2019-08-23T17:20:11

Updated: 2021-01-06T16:15:33

Reserved: 2019-05-01T00:00:00

Link: CVE-2019-11654

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-23T18:15:11.113

Modified: 2023-11-07T03:03:06.440

Link: CVE-2019-11654

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Verastream Host Integrator ", "vendor": "Micro Focus", "versions": [{"lessThan": "7.7 SP2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files."}], "exploits": [{"lang": "en", "value": "Path traversal "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "A path traversal vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows remote unauthenticated attackers to read arbitrary files.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:33", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.microfocus.com/kb/doc.php?id=7024061"}], "solutions": [{"lang": "en", "value": "An update, VHI 7.7 SP2 Update 1, that fixes this vulnerability is available to maintained customers through the download website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible."}], "source": {"discovery": "INTERNAL"}, "title": "A path traversal vulnerability has been identified in Verastream Host Integrator ", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2019-11654", "STATE": "PUBLIC", "TITLE": "A path traversal vulnerability has been identified in Verastream Host Integrator "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Verastream Host Integrator ", "version": {"version_data": [{"version_affected": "<", "version_value": "7.7 SP2"}]}}]}, "vendor_name": "Micro Focus"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files."}]}, "exploit": [{"lang": "en", "value": "Path traversal "}], "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A path traversal vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows remote unauthenticated attackers to read arbitrary files."}]}]}, "references": {"reference_data": [{"name": "https://support.microfocus.com/kb/doc.php?id=7024061", "refsource": "CONFIRM", "url": "https://support.microfocus.com/kb/doc.php?id=7024061"}]}, "solution": [{"lang": "en", "value": "An update, VHI 7.7 SP2 Update 1, that fixes this vulnerability is available to maintained customers through the download website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible."}], "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2019-11654", "datePublished": "2019-08-23T17:20:11", "dateReserved": "2019-05-01T00:00:00", "dateUpdated": "2021-01-06T16:15:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.5:-:*:*:*:*:*:*", "matchCriteriaId": "DF4012BA-FAF6-4360-A8F7-48D401D292DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "268AABE9-0BFA-45B5-BA79-C11E8E2A39B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.6:-:*:*:*:*:*:*", "matchCriteriaId": "E0FE6A03-0DC9-4C18-AA62-1C5D8D0F84C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.6:sp1:*:*:*:*:*:*", "matchCriteriaId": "CDECAB2E-9CA1-40EE-B69A-64C5785D1B6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.7:-:*:*:*:*:*:*", "matchCriteriaId": "13AA8702-A94F-4F35-B929-B05DF0CCCB24", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "759BADC5-47FD-4020-96F3-21DE8063FE79", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_1:*:*:*:*:*:*", "matchCriteriaId": "CEC9B593-4A4C-4C36-AC63-EA8C02A9355D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp1_update_2:*:*:*:*:*:*", "matchCriteriaId": "770CE835-2172-4268-BDF9-BA61F73C6150", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:verastream_host_integrator:7.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "23F307D7-9811-4F90-9A8F-B319015112AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files."}, {"lang": "es", "value": "Vulnerabilidad transversal de ruta en Micro Focus Verastream Host Integrator (VHI), versiones 7.7 SP2 y anteriores. La vulnerabilidad permite a atacantes remotos no autenticados leer archivos arbitrarios."}], "id": "CVE-2019-11654", "lastModified": "2023-11-07T03:03:06.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security@opentext.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-23T18:15:11.113", "references": [{"source": "security@opentext.com", "url": "https://support.microfocus.com/kb/doc.php?id=7024061"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}