CVE-2014-0600

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions prior to 2014 SP1

Description The issue allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter in the FileUploadServlet of the Administration service. This could potentially lead to information disclosure.

Recommendations For versions prior to 2014 SP1, update to Novell GroupWise 2014 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the FileUploadServlet in the Administration service to minimize the risk of exploitation. Avoid using the poLibMaintenanceFileSave parameter in the affected API endpoint until the issue is resolved.