LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: microfocus
Published: 2016-04-22T10:00:00
Updated: 2024-08-05T23:02:12.178Z
Reserved: 2016-01-12T00:00:00
Link: CVE-2016-1595
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-04-22T10:59:02.530
Modified: 2023-11-07T02:30:00.017
Link: CVE-2016-1595
Redhat
No data.