GroupWise 8 WebAccess Javascript/HTML injection XSS Security Vulnerability

Document ID:7006379
Creation Date:30-Jun-2010
Modified Date:27-Apr-2012
- Micro Focus Products:
  GroupWise

Environment

Novell GroupWise 8
Novell GroupWise WebAccess

Situation

Novell GroupWise WebAccess is vulnerable to a Javascript/HTML injection XSS exploit which could potentially be used to redirect users to a malicious website.

Affected versions: GroupWise 8.0, 8.01x

This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)

Novell bugs 590186, 596970, CVE-2010-2781

Resolution

For GroupWise 8, update to Support Pack 2 (SP2) or later.

Status

Security Alert

Feedback service temporarily unavailable. For content questions or problems, please contact Support.