Reflected XSS in GroupWise Administration Console

  • 7017973
  • 23-Aug-2016
  • 24-Aug-2016


GroupWise 2014 R2 (up to and including SP1)
GroupWise 2014


A vulnerability exists in the GroupWise administration console that may allow an attacker to execute javascript in the context of an authenticated user by tricking the user into clicking on a specially crafted link. This could lead to session compromise or enable other browser based attacks.


To resolve this vulnerability, update your GroupWise Server components to GroupWise 2014 R2 Support Pack 1 Hot Patch 1 (or later).
This vulnerability was discovered and reported by Wolfgang Ettlinger working with SEC Consult.
Novell bug 987681, CVE-2016-5760


Security Alert

Bug Number