CVE-2019-11397 — Path Traversal in Microsoft NET Framework

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

5.7%

top 9.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Framework Rapidflows Rapid4

Timeline

PublishedMay 14

Latest updateMay 24

Description

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDrapidflows/rapid44.5m.23

▶NVDmicrosoft/net_framework4.5

🔴Vulnerability Details

GHSA

GHSA-9hwh-vc95-7qcc: GetFile↗2022-05-24

▶

CVEList

CVE-2019-11397: GetFile↗2019-05-14

▶