PT-2014-3700 · Novell · Novell Groupwise

Published

2014-08-26

Updated

2017-01-07

CVE-2014-0600

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions prior to 2014 SP1

Description The issue allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter in the FileUploadServlet of the Administration service. This could potentially lead to information disclosure.

Recommendations For versions prior to 2014 SP1, update to Novell GroupWise 2014 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the FileUploadServlet in the Administration service to minimize the risk of exploitation. Avoid using the poLibMaintenanceFileSave parameter in the affected API endpoint until the issue is resolved.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-0600

ZDI-14-296

Affected Products

Novell Groupwise

PT-2014-3700 · Novell · Novell Groupwise

CVE-2014-0600

Weakness Enumeration

Related Identifiers

Affected Products

References · 7