Vulnerability Details CVE-2019-11013
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.876
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.html
- https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
- http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.html
- https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
Products affected by CVE-2019-11013
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.2-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.3-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.4-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.5-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.6-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-10
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-11
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.7-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.8-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.8-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.8-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.8-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.8-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.8-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-10
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-11
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-12
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-13
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-14
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.0.9-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.0-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-10
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-11
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.1-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-10
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.2-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.3-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.3-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.4-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.4-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.4-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.5-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.6-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.6-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.6-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.6-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.7-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.7-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.8-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.8-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.8-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.8-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.8-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.8-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.1.9-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.0-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.1-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.1-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.1-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.2-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.2-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.2-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.2-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.2-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.3-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.4-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.4-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.4-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.4-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.4-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.4-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.5-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.5-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.6-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.7-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.8-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.8-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.8-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.2.9-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.0-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.0-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.1-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.2-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.2-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.3.2-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.0-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.1-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.2-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.2-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.2-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.2-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.2-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.2-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.4.3-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.0-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.0-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.0-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.0-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.0-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.1-9
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.2-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.3-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-1
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-2
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-3
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-4
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-5
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-6
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-7
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-8
-
cpe:2.3:a:softvelum:nimble_streamer:3.5.4-9