Lucene search

[email protected]NVD:CVE-2019-6500

HistoryJan 21, 2019 - 6:29 a.m.

CVE-2019-6500

2019-01-2106:29:01

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.012

Percentile

85.1%

JSON

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of ‘.’ characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

Affected configurations

Nvd

Node

axwayfile_tranfer_directMatch2.7.1

VendorProductVersionCPE
axwayfile_tranfer_direct2.7.1cpe:2.3:a:axway:file_tranfer_direct:2.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
axway	file_tranfer_direct	2.7.1	cpe:2.3:a:axway:file_tranfer_direct:2.7.1:::::::*

References

github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md

inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.012

Percentile

85.1%

JSON

Related for NVD:CVE-2019-6500

prion1 cvelist1 cve1