CVE-2014-0600

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 29 August 2014

Summary

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

References

https://bugzilla.novell.com/show_bug.cgi?id=879192

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7015566

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-14-296/

x_refsource_MISC

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
Dec 28, 2013

Collectors

NVD DatabaseMitre Database