Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1595

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
3.5%
top 12.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Service Desk
Timeline
PublishedApr 22
Latest updateMay 14

Description

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gqjp-rg2w-6r7j: LiveTime/WebObjects/LiveTime2022-05-14
CVEList
CVE-2016-1595: LiveTime/WebObjects/LiveTime2016-04-22

💥Exploits & PoCs

1
Exploit-DB
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities2016-04-11
CVE-2016-1595 (MEDIUM CVSS 6.5) | LiveTime/WebObjects/LiveTime.woa/wa | cvebase.io