Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1593

CWE-22 Path Traversal
5 documents | 4 sources
Severity
7.2 HIGH
EPSS
85.1%
top 0.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Apr 22
Latest update: May 14

Description

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages
1 package

🔴 Vulnerability Details

2
GHSA
GHSA-cx5g-qjmj-w6xf: Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7 | 2022-05-14
CVEList
CVE-2016-1593: Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7 | 2016-04-22

💥 Exploits & PoCs

2
Exploit-DB
Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit) | 2016-04-18
Exploit-DB
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities | 2016-04-11