CVE-2016-1595
MEDIUM
Micro Focus Novell Service Desk <7.2 - SQL Injection
Title source: llm
Description
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
Core References
Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7017430
Various Sources x_refsource_misc
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt
Exploit, Third Party Advisory x_refsource_misc
https://packetstormsecurity.com/files/136646
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538043/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39687/
Scores
CVSS v3
6.5
EPSS
0.0352
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
novell/service_desk
< 7.1
Published
Apr 22, 2016
Tracked Since
Feb 18, 2026