CVE-2016-1594

Name of the Vulnerable Software and Affected Versions Micro Focus Novell Service Desk versions prior to 7.2

Description The issue allows remote authenticated users to read arbitrary attachments via a request to a "LiveTime.woa" URL. This can be achieved by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.

Recommendations For versions prior to 7.2, update to version 7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "LiveTime.woa" URL and the downloadLogFiles and downloadFile actions to minimize the risk of exploitation.