CVE-2016-1610

Name of the Vulnerable Software and Affected Versions Novell Filr versions prior to 1.2 Security Update 3 Novell Filr versions 2.0 prior to Security Update 2

Description The issue allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name. This is due to a directory traversal vulnerability in the email-template feature.

Recommendations For Novell Filr versions prior to 1.2 Security Update 3, apply Security Update 3 to resolve the issue. For Novell Filr versions 2.0 prior to Security Update 2, apply Security Update 2 to resolve the issue. As a temporary workaround, consider restricting access to the email-template feature until a patch is available.