NVD

Id
17950  
Name
CVE-2016-1595  
Description
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-04-22  
Modified Date
2016-12-02  
Seq
2016-1595  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
98264 17950 CVE-2016-1595 20160410 [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0  View
98265 17950 CVE-2016-1595 https://packetstormsecurity.com/files/136646  View
98266 17950 CVE-2016-1595 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt  View
98267 17950 CVE-2016-1595 39687  View
98268 17950 CVE-2016-1595 https://www.novell.com/support/kb/doc.php?id=7017430  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1614 JVNDB-2016-002387 Micro Focus Novell Service Desk の LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile における HQL インジェクションの脆弱性 Micro Focus Novell Service Desk の LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile には、Hibernate Query Language (HQL) インジェクション攻撃を実行され、重要な情報を取得される脆弱性が存在します。 CVE-2016-1595 88101 CVE-2016-1595 17950 4 6.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002387.html 2016-03-30 2016-05-02 View