Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Vibe Arbitrary File Download (CVE-2017-7433)

This document (7019005) is provided subject to the disclaimer at the end of this document.


Micro Focus Vibe 4.0.2 (and earlier)


An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).


A fix for this issue is available in Micro Focus Vibe 4.0.3.

Additional Information

CVE-2017-7433 (More details:

Special thanks to Kacper Szurek ( for reporting this issue.


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7019005
  • Creation Date:17-MAY-17
  • Modified Date:17-MAY-17
    • NovellVibe

Did this document solve your problem? Provide Feedback