CVE-2019-3489

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.

Published: Apr 1, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3489
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
microfocus / content_manager	9.1	9.3.x

https://softwaresupport.softwaregrp.com/doc/KM03359911

Vulnerability Database

289,599

CVE-2019-3489