Vulnerabilities > Novell > Service Desk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-22 | CVE-2016-1596 | Cross-site Scripting vulnerability in Novell Service Desk 7.1 Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. | 5.4 |
| 2016-04-22 | CVE-2016-1595 | Information Exposure vulnerability in Novell Service Desk 7.1 LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. | 6.5 |
| 2016-04-22 | CVE-2016-1594 | Information Exposure vulnerability in Novell Service Desk 7.1 Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. | 6.5 |
| 2016-04-22 | CVE-2016-1593 | Path Traversal vulnerability in Novell Service Desk 7.1 Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. | 7.2 |