Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1594

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
4.7%
top 10.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Service Desk
Timeline
PublishedApr 22
Latest updateMay 14

Description

Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wxmr-mcvm-5j4v: Micro Focus Novell Service Desk before 72022-05-14
CVEList
CVE-2016-1594: Micro Focus Novell Service Desk before 72016-04-22

💥Exploits & PoCs

1
Exploit-DB
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities2016-04-11
CVE-2016-1594 (MEDIUM CVSS 6.5) | Micro Focus Novell Service Desk bef | cvebase.io