CVE-2019-16384

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
04/06/2020
Last modified:
05/06/2020

Description

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cybelesoft:thinfinity_virtualui:*:*:*:*:*:*:*:* 2.5.17.2 (including)