High severity7.2NVD Advisory· Published Apr 22, 2016· Updated Jun 17, 2026
CVE-2016-1593
CVE-2016-1593
Description
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:novell:service_desk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:novell:service_desk:*:*:*:*:*:*:*:*range: <=7.1
- (no CPE)range: <7.2
- Range: <7.2
Patches
Vulnerability mechanics
References
8- packetstormsecurity.com/files/136717/Novell-ServiceDesk-Authenticated-File-Upload.htmlnvd
- www.rapid7.com/db/modules/exploit/multi/http/novell_servicedesk_rcenvd
- www.securityfocus.com/archive/1/538043/100/0/threadednvd
- packetstormsecurity.com/files/136646nvd
- raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txtnvd
- www.exploit-db.com/exploits/39687/nvd
- www.exploit-db.com/exploits/39708/nvd
- www.novell.com/support/kb/doc.phpnvd
News mentions
0No linked articles in our index yet.