Security Vulnerability: GroupWise Internet Agent (GWIA) iCalendar parsing vulnerability

  • 7010767
  • 11-Sep-2012
  • 14-Sep-2012


GroupWise 8.0x up to and including 8.02HP3


The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses time and date information within a received iCalendar message, which could potentially be exploited by an attacker to cause a Denial-of-Service (DoS) on vulnerable installations of GWIA.


To resolve this vulnerability, apply GroupWise 8.0 Support Pack 3 (or later).

Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIA servers and associated Domains to version 8.0 Support Pack 3 (or later) in order to secure their system.

This vulnerability was discovered and reported by Carsten Eiram, Secunia Research (, Secunia advisory SA45671.

Novell bug 733887, CVE-2011-3827


Security Alert

Bug Number