Resolution for Security Vulnerability in GroupWise Mobile Server 2.0

  • 3003756
  • 21-Nov-2007
  • 10-Dec-2013


GroupWise Mobile Server 2.0


This TID is an information-ONLY document to verify that the GroupWise Mobile Server version 2.0.2 update includes a fix for a previously disclosed security issue.
Reported as CVE-2007-2592, this vulnerability was discovered by Johannes Greil, SEC Consult.
The first published details of the security vulnerability list the following issues with the Nokia Intellisync Mobile Suite (which is a component of GroupWise Mobile Server).

 * Some ASP scripts under /usrmgr/ list all configured users
 including the mail server address with userid (but no password).

 * Furthermore it is possible to deactivate all users and
 deny access to the system.

 * Some ASP scripts are vulnerable to cross site scripting attacks.
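
While the update is being scheduled, web server logs can be reviewed for requests to the /usrmgr/ scripts named above. The following is an added example, not part of the original TID or any Novell tooling. It assumes IIS W3C extended logs; the sample lines, script names and addresses are constructed, and treating a 2xx response with no logged user name as worth review is an assumption of this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample (IIS W3C extended format). Script names and IPs are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2007-11-20 10:01:02 192.0.2.10 - GET /usrmgr/placeholder1.asp - 200
2007-11-20 10:01:05 192.0.2.10 - GET /usrmgr/placeholder2.asp name=%3Cscript%3Ealert(1)%3C/script%3E 200
2007-11-20 10:02:00 198.51.100.7 jdoe GET /usrmgr/placeholder1.asp - 200
2007-11-20 10:03:00 203.0.113.5 - GET /default.asp - 200
2007-11-20 10:04:00 203.0.113.5 - GET /UsrMgr/placeholder3.asp - 404
"""

# Markup in a decoded query string that suggests a script-injection attempt.
MARKUP = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)

def scan(log_text, prefix="/usrmgr/"):
    """Return (client_ip, uri_stem, reasons) for suspicious requests under prefix."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared by the log itself
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):     # skip malformed or truncated lines
            continue
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        if not (stem.startswith(prefix) and stem.endswith(".asp")):
            continue
        reasons = []
        # "-" in cs-username means no authenticated user was logged for the request.
        if rec.get("cs-username", "-") == "-" and rec.get("sc-status", "").startswith("2"):
            reasons.append("anonymous-2xx")
        if MARKUP.search(unquote_plus(rec.get("cs-uri-query", ""))):
            reasons.append("markup-in-query")
        if reasons:
            hits.append((rec.get("c-ip"), stem, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```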


To update your system, download the GroupWise Mobile Server 2.02 update and install it as per the instructions included with that update.

For information on updating a GMS 1.0 system to fix this vulnerability, please see KB 5005120.


Security Alert