CVE-2012-4959

Name of the Vulnerable Software and Affected Versions Novell File Reporter version 1.0.2

Description A directory traversal issue exists, allowing remote attackers to upload and execute files. This is achieved by sending a request with a .. (dot dot) in a FILE element of an FSFUI record, specifically via a "130 /FSF/CMD" request.

Recommendations For Novell File Reporter version 1.0.2, consider restricting access to the NFRAgent.exe to minimize the risk of exploitation until a patch is available. Avoid using the FILE element in FSFUI records with dot dot (..) notation in the affected API endpoint until the issue is resolved.