Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Filtered by product Service Desk
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1596 1 Novell 1 Service Desk 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
CVE-2016-1595 1 Novell 1 Service Desk 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
CVE-2016-1594 1 Novell 1 Service Desk 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
CVE-2016-1593 1 Novell 1 Service Desk 2024-11-21 6.5 MEDIUM 7.2 HIGH
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.