Remote File Access Vulnerability in Novell GroupWise Administration Service
CVE-2014-0600

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 29 August 2014

Summary

The Administration service in Novell GroupWise 2014 before SP1 is susceptible to a remote file access vulnerability. By exploiting the poLibMaintenanceFileSave parameter, attackers can gain unauthorized access to read or write arbitrary files on the server, potentially leading to data leakage or manipulation. This flaw poses significant risks to system integrity and confidentiality, necessitating prompt remediation.

References

https://bugzilla.novell.com/show_bug.cgi?id=879192

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7015566

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-14-296/

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
Dec 28, 2013