CVE-2017-7433: Path Traversal
First published: Thu May 18 2017(Updated: )
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus Vibe | <=4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7433?
CVE-2017-7433 has been rated with a critical severity due to its ability to allow unauthorized access to sensitive files.
How do I fix CVE-2017-7433?
To remediate CVE-2017-7433, upgrade Micro Focus Vibe to version 4.0.3 or later.
What types of systems are affected by CVE-2017-7433?
CVE-2017-7433 affects Micro Focus Vibe versions 4.0.2 and earlier.
Can CVE-2017-7433 be exploited without authentication?
Yes, CVE-2017-7433 can be exploited by remote authenticated attackers without requiring authentication.
What is the nature of the vulnerability in CVE-2017-7433?
CVE-2017-7433 is an absolute path traversal vulnerability that allows attackers to download arbitrary files from the server.
- collector/nvd-index
- vendor/micro focus
- canonical/micro focus vibe
- version/micro focus vibe/4.0.2