CVE-2016-1593

Publication date

2016-04-22 10:00:00

Family

microfocus

State

PUBLISHED

Description

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.