Environment
Novell Service Desk 7.0.3
Novell Service Desk 7.1
Situation
There was a vulnerability in the access control enforcement of the file download functionality that may have allowed a remote attacker authenticated as a non-privileged user to read arbitrary file attachments from other users in the system.
This has been reported as CVE-2016-1594.
Resolution
This has been fixed in Micro Focus Service Desk 7.2.
Additional Information
Thanks to Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security for discovering and reporting this vulnerability.