← back
CVE-2016-1593

CVE-2016-1593

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 64%
from disclosure to weapon0 days
Published on NVDApr 22
1st PoCApr 11
metasploitMar 30
exploitation probability
64%top 1% of all CVEs
observed exploitation
nono source reports it
6 public exploit(s)
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.