VYPR

Service Desk

by Novell

CVEs (5)

  • CVE-2016-1593 | Hig | Apr 22, 2016
    risk 0.55 | cvss 7.2 | epss 0.64

    Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a…

  • CVE-2016-1595 | Med | Apr 22, 2016
    risk 0.46 | cvss 6.5 | epss 0.07

    LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.

  • CVE-2016-1594 | Med | Apr 22, 2016
    risk 0.46 | cvss 6.5 | epss 0.07

    Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.

  • CVE-2016-1596 | Med | Apr 22, 2016
    risk 0.38 | cvss 5.4 | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent,…

  • CVE-2025-26393 | Med | Mar 17, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation.