GroupWise WebAccess Javascript Cross-Site Scripting (XSS) Security Vulnerability

  • 7006375
  • 30-Jun-2010
  • 27-Apr-2012

Environment

Novell GroupWise 7
Novell GroupWise 8
Novell GroupWise WebAccess

Situation

Novell GroupWise WebAccess is vulnerable to a Javascript XSS exploit in which viewing a specially formatted message could cause users to be redirected to a malicious website.

Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x

This vulnerability was discovered and reported by scriptjunkie scriptjunkie1 {nospam} googlemail {nospam} com  working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com)

Novell bug 599865, ZDI-CAN-710, CVE-2010-2778

Resolution

For GroupWise 8, update to Support Pack 2 (SP2) or later.
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)

Status

Security Alert

Feedback service temporarily unavailable. For content questions or problems, please contact Support.