Arbitrary File Upload Vulnerability in GroupWise Administration Console (CVE-2018-12468)

  • Document ID:7023223
  • Creation Date:27-Jul-2018
  • Modified Date:01-Aug-2018
    • Micro Focus Products:
      GroupWise

Environment

All Verisons of Micro Focus GroupWise prior to 18.0.2

Situation

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.

Thanks to Vahagn Vardanyan  and Arpine Maghakyan  for reporting this vulnerability.

See Also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12468

Resolution

Please upgrade to Micro Focus GroupWise version 18.0.2 or newer

Status

Security Alert