漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Micro Focus Vibe 路径遍历漏洞
Vulnerability Description
Micro Focus Vibe(前称Novell Vibe)是英国Micro Focus公司的一套团队协作管理解决方案。该方案具有文件共享、构建动态表单和工作流程等功能。 Micro Focus Vibe 4.0.2及之前的版本中存在路径遍历漏洞。远程攻击者可通过向viewFile终端提交特制的请求利用该漏洞从服务器中下载任意文件。
CVSS Information
N/A
Vulnerability Type
N/A