Service Desk Vulnerability in the Access Control Enforcement of the File Download Functionality (CVE-2016-1594)

  • 7017429
  • 30-Mar-2016
  • 04-Apr-2016


Novell Service Desk 7.0.3
Novell Service Desk 7.1


There was a vulnerability in the access control enforcement of the file download functionality that may have allowed a remote attacker authenticated as a non-privileged user to read arbitrary file attachments from other users in the system.

This has been reported as CVE-2016-1594.


This has been fixed in Micro Focus Service Desk 7.2.

Additional Information

Thanks to Pedro Ribeiro ( from Agile Information Security for discovering and reporting this vulnerability.