OS command injection in Filr admin (CVE-2016-1608)

  • 7017789
  • 29-Jun-2016
  • 22-Jul-2016


Novell Filr 2.0
Novell Filr 1.2


A vulnerability in the Novell Filr admin may allow a remote attacker authenticated as an admin to execute arbitrary OS commands on the Filr server as the root user. Note that when used in conjunction with  CVE-2016-1607 (TID 7017786), that a remote attacker may be able to perform this attack without authentication by targeting a Filr admin user.


A fix for this issue is available in the Filr 2.0 Security Update 2 and Filr 1.2 Security Update 3, available via the Novell Patch Finder.

Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.