Skip to main content

Novell GroupWise Multiple Vulnerabilities

Last Update Date: 27 Sep 2011 12:26 Release Date: 27 Sep 2011 6016 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Novell GroupWise, which can be exploited by malicious people to conduct cross-site scripting attacks, denial of service attack and compromise a user's system.

  1. The GroupWise Internet Agent (GWIA) is vulnerable to a DoS exploit whereby an attacker could potentially cause the application to crash by inputting certain data.
  2. A vulnerability exists in the Oracle "Outside In" technology used by GroupWise to view Microsoft DOCX, Lotus 123 and Microsoft CAB file attachments that could potentially allow an unauthenticated attacker could execute arbitrary code.
  3. The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the time zone description (TZNAME) variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
  4. The HTTP interface of the GroupWise Internet Agent (GWIA) is vulnerable to an exploit whereby an attacker could potentially trigger a stack overflow and execute arbitrary code.
  5. The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses a weekday, weekly or yearly calendar recurrence (RRULE) variable within a received VCALENDAR message. The vulnerability could could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
  6. GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in the "Directory.Item.name" parameter whereby an attacker could potentially insert arbitrary HTML and script code that will be executed in a user's browser session.

Impact

  • Cross-Site Scripting
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Novell GroupWise 8.0x, 8.01x, 8.02HP1, 8.02HP2.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link