Environment
All Verisons of Micro Focus GroupWise prior to 18.0.2
Situation
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
Thanks to Vahagn Vardanyan and Arpine Maghakyan for reporting this vulnerability.
See Also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12468
Resolution
Please upgrade to Micro Focus GroupWise version 18.0.2 or newer