LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
References
Configurations
History
21 Nov 2024, 02:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/archive/1/538043/100/0/threaded - | |
References | () https://packetstormsecurity.com/files/136646 - | |
References | () https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt - | |
References | () https://www.exploit-db.com/exploits/39687/ - | |
References | () https://www.novell.com/support/kb/doc.php?id=7017430 - |
07 Nov 2023, 02:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://packetstormsecurity.com/files/136646 - | |
References | () https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt - | |
References | () https://www.exploit-db.com/exploits/39687/ - | |
References | () http://www.securityfocus.com/archive/1/538043/100/0/threaded - | |
References | () https://www.novell.com/support/kb/doc.php?id=7017430 - |
Information
Published : 2016-04-22 10:59
Updated : 2024-11-21 02:46
NVD link : CVE-2016-1595
Mitre link : CVE-2016-1595
CVE.ORG link : CVE-2016-1595
JSON object : View
Products Affected
novell
- service_desk
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor