Service Desk Path Traversal Vulnerability (CVE-2016-1593)

  • 7017428
  • 30-Mar-2016
  • 04-Apr-2016


Novell Service Desk 7.0.3
Novell Service Desk 7.1


There was a path traversal vulnerability in the import users functionality that may have allowed a remote attacker authenticated as an administrative user to upload arbitrary files to the server. Depending on the payload and placement of the uploaded file, this could lead to remote code execution.

This has been reported as CVE-2016-1593.


This is fixed in Micro Focus Service Desk 7.2.

Additional Information

Thanks to Pedro Ribeiro ( from Agile Information Security for discovering and reporting this vulnerability.