The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.
References
Link | Resource |
---|---|
https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2020-apr-06 | Patch Vendor Advisory |
https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-2020-apr-06 | Vendor Advisory |
https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-06 | Patch Vendor Advisory |
https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_19.2 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-05-07 10:15
Updated : 2020-05-12 11:12
NVD link : CVE-2020-11431
Mitre link : CVE-2020-11431
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
inetsoftware
- pdfc
- clear_reports
- helpdesk