6.5
CVSSv3

CVE-2016-1595

Published: 22/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk prior to 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
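A defender-side check for the issue summarised above, added here as an example (it is not code from Vulmon, the advisory or the vendor): it scans web access logs for requests to the downloadFile action whose entityName value is not a plain identifier. Assumptions: logs are in Combined Log Format, the parameter arrives in the query string, and legitimate values are Java-style (optionally dotted) identifiers; the sample lines and the name "Foo" are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the CVE summary.
ENDPOINT = "/LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile"
# Assumption: a legitimate entityName is a Java-style identifier, optionally dotted.
ENTITY_OK = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*")
# Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

def suspicious_requests(lines):
    """Return (client, entityName) for downloadFile requests whose
    entityName is missing identifier syntax (spaces, quotes, operators...)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if ENDPOINT.lower() not in url.path.lower():
            continue
        # parse_qs percent-decodes, so encoded spaces and quotes are compared in clear.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("entityName", []):
            if not ENTITY_OK.fullmatch(value):
                hits.append((client, value))
    return hits

# Constructed sample log lines (documentation IP range, made-up values).
SAMPLE = [
    '192.0.2.10 - - [30/Mar/2016:10:00:01 +0000] "GET ' + ENDPOINT
    + '?entityName=Foo HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Mar/2016:10:02:17 +0000] "GET ' + ENDPOINT
    + '?entityName=Foo%20where%201%3D1 HTTP/1.1" 200 88',
    '192.0.2.10 - - [30/Mar/2016:10:03:40 +0000] "GET /LiveTime/WebObjects/'
    'LiveTime.woa HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE):
        print(f"review: {client} sent entityName={value!r}")
```

Requests that carry the parameter in a POST body do not appear in access logs, so the same identifier check belongs in a reverse proxy or WAF rule as well.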

Vulnerable Product

novell service desk

Exploits

>> Multiple vulnerabilities in Novell Service Desk 7.1.0, 7.0.3 and 6.5
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
=================================================================================
Disclosure: 30/03/2016 / Last updated: 10/04/2016

>> Background on the affected products:
"Novell S ...

Novell Service Desk versions 7.1.0 and below suffer from code execution, information disclosure, cross site scripting, remote file upload, HQL injection, and traversal vulnerabilities ...