Arbitrary File Upload Vulnerability in GroupWise Administration Console (CVE-2018-12468)

  • 7023223
  • 27-Jul-2018
  • 01-Aug-2018


All Verisons of Micro Focus GroupWise prior to 18.0.2


A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.

Thanks to Vahagn Vardanyan  and Arpine Maghakyan  for reporting this vulnerability.

See Also:


Please upgrade to Micro Focus GroupWise version 18.0.2 or newer


Security Alert