CVE-2016-1593

high-risk
Published 2016-04-22

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.

Do I need to act?

!
85.1% chance of exploitation in next 30 days
EPSS score — higher than 15% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
2 public exploits available
39687, 39708
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Service Desk

Affected Vendors

Novell

References (16)

http://packetstormsecurity.com/files/136717/Novell-ServiceDesk-Authenticated-Fil...
http://www.rapid7.com/db/modules/exploit/multi/http/novell_servicedesk_rce
http://www.securityfocus.com/archive/1/538043/100/0/threaded
https://packetstormsecurity.com/files/136646
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-de...
https://www.exploit-db.com/exploits/39687/
https://www.exploit-db.com/exploits/39708/
https://www.novell.com/support/kb/doc.php?id=7017428
http://packetstormsecurity.com/files/136717/Novell-ServiceDesk-Authenticated-Fil...
http://www.rapid7.com/db/modules/exploit/multi/http/novell_servicedesk_rce
http://www.securityfocus.com/archive/1/538043/100/0/threaded
https://packetstormsecurity.com/files/136646
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-de...
https://www.exploit-db.com/exploits/39687/
https://www.exploit-db.com/exploits/39708/
https://www.novell.com/support/kb/doc.php?id=7017428
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal