A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

Published : 2019-02-20 22:29 Updated : 2019-10-09 23:49

CVSS Score More info
Score 4.0 / 10
Vendor Product Version URI
Microfocus Filr 3.0 cpe:/a:microfocus:filr:3.0:-
Microfocus Filr 3.0 cpe:/a:microfocus:filr:3.0:update_1
Microfocus Filr 3.0 cpe:/a:microfocus:filr:3.0:update_2
Microfocus Filr 3.0 cpe:/a:microfocus:filr:3.0:update_3
Microfocus Filr 3.0 cpe:/a:microfocus:filr:3.0:update_4
Microfocus Filr 3.0 cpe:/a:microfocus:filr:3.0:update_5
  1. Microfocus (1) Search CVE
    1. Filr (1) Search CVE
      1. 3.0


ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes

Date Event
2019-03-05 14:47
2019-03-05 11:29
2019-02-21 15:40
2019-02-20 22:29