Environment
Novell GroupWise 8
Novell GroupWise WebAccess
Novell GroupWise WebAccess
Situation
Novell GroupWise WebAccess is vulnerable to a Javascript/HTML injection XSS exploit which could potentially be used to redirect users to a malicious website.
Affected versions: GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)
Novell bugs 590186, 596970, CVE-2010-2781
Affected versions: GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)
Novell bugs 590186, 596970, CVE-2010-2781
Resolution
For GroupWise 8, update to Support Pack 2 (SP2) or later.