Summary
Novell Groupwise is prone to an arbitrary file-access vulnerability.
Impact
An attacker can exploit this issue to retrieve or delete arbitrary files, which may aid in further attacks.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
FileUploadServlet in the Administration service allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave paramete
Affected
Novell GroupWise 2014 before SP1
Detection
Send a POST request and check the response
References
Severity
Classification
-
CVE CVE-2014-0600 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities