Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: microfocus
Published: 2016-04-22T10:00:00
Updated: 2024-08-05T23:02:12.067Z
Reserved: 2016-01-12T00:00:00
Link: CVE-2016-1593
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-04-22T10:59:00.123
Modified: 2023-11-07T02:29:59.520
Link: CVE-2016-1593
Redhat
No data.