Information disclosure in Novell Groupwise

CVE-2014-0600

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

Vulnerability class: Information Disclosure

EPSS: 0.057 (90.6th percentile) — read the EPSS interpretation.

Affected products

Novell Groupwise — versions 2014
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
1030801 (vdb-entry, x_refsource_SECTRACK)