Service Desk HQL (Hibernate Query Language) Injection Vulnerability in the File Download Functionality (CVE-2016-1595)

  • 7017430
  • 30-Mar-2016
  • 04-Apr-2016

Environment

Novell Service Desk 7.0.3
Novell Service Desk 7.1

Situation

There was an HQL (Hibernate Query Language) injection vulnerability in the file download functionality that may have allowed a remote attacker, authenticated as a non-privileged user, to alter the HQL query run against the database. This could lead to disclosure of database information or to the download of arbitrary files from the server.

This has been reported as CVE-2016-1595.
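To make the defect class concrete, the following is an added illustration written for this page; it is not code from Service Desk, Novell or Micro Focus, and nothing in it reflects the product's actual schema or handler. It shows a hypothetical Hibernate-backed download lookup that splices the request parameter into the HQL text, next to the hardened form that binds the value as a named parameter, restricts the result to records owned by the calling user, and keeps the resolved storage path inside the attachment directory. The entity `FileAttachment`, its fields `id`, `ownerId` and `storagePath`, and the `baseDir` argument are all assumptions.

```java
import java.nio.file.Path;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.query.Query;

// Hypothetical entity (assumption): an uploaded file record with its owner and
// the relative path under which the bytes are stored on disk.
@Entity
public class FileAttachment {
    @Id
    private Long id;
    private Long ownerId;
    private String storagePath;

    public Long getId() { return id; }
    public Long getOwnerId() { return ownerId; }
    public String getStoragePath() { return storagePath; }
}

class FileDownloadDao {

    // VULNERABLE pattern (illustration of the defect class, not the product's code):
    // the untrusted request value becomes part of the query grammar instead of a
    // value, so a caller can change which rows the statement selects. That is what
    // an HQL injection is; Hibernate still translates the altered HQL to SQL.
    public FileAttachment findAttachmentUnsafe(Session session, String fileIdParam) {
        String hql = "from FileAttachment f where f.id = " + fileIdParam;
        Query<FileAttachment> q = session.createQuery(hql, FileAttachment.class);
        return q.uniqueResult();
    }

    // HARDENED form: the id is validated as a number and bound as a named
    // parameter, so it can only ever be compared against f.id. The ownership
    // predicate makes the database enforce that a non-privileged user gets only
    // their own attachments; a broken query cannot widen that to other rows.
    public FileAttachment findAttachmentSafe(Session session, String fileIdParam, long currentUserId) {
        long fileId;
        try {
            fileId = Long.parseLong(fileIdParam);
        } catch (NumberFormatException e) {
            return null; // not a valid id: treat as "no such attachment"
        }
        Query<FileAttachment> q = session.createQuery(
            "from FileAttachment f where f.id = :fileId and f.ownerId = :userId",
            FileAttachment.class);
        q.setParameter("fileId", fileId);
        q.setParameter("userId", currentUserId);
        return q.uniqueResult();
    }

    // Second guard for the "arbitrary file download" outcome named in the advisory:
    // even a legitimately selected record must resolve to a path beneath the
    // configured attachment directory before its bytes are streamed. baseDir is
    // assumed to be an absolute, normalized directory path.
    public Path resolveStoragePath(Path baseDir, FileAttachment att) {
        Path resolved = baseDir.resolve(att.getStoragePath()).normalize();
        if (!resolved.startsWith(baseDir)) {
            throw new SecurityException("attachment path escapes the storage directory");
        }
        return resolved;
    }
}
```

The two fixes are independent and both matter: parameter binding closes the HQL injection, while the ownership predicate and the path check limit what a correctly formed query can hand back to an authenticated but unprivileged caller.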

Resolution

This has been fixed in Micro Focus Service Desk 7.2.

Additional Information

Thanks to Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security for discovering and reporting this vulnerability.