CVE-2016-1593
published 2016-04-22CVE-2016-1593: Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to…
high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
EXPLOIT
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | service_desk | <= 7.1 | — |