CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.

Published: May 7, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-11431
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
inetsoftware / pdfc	4.3	6.2.x
inetsoftware / helpdesk	8.0	8.3.x
inetsoftware / clear_reports	16.0	19.2.x

https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_19.2
https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2020-apr-06
https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-2020-apr-06
https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-06

Vulnerability Database

CVE-2020-11431