Security Vulnerability - GroupWise 8 WebPublisher Cross-Site Scripting (XSS)

  • 7007158
  • 04-Nov-2010
  • 26-Apr-2012

Environment

Novell GroupWise 8
Novell GroupWise 8 WebPublisher
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.

Situation

The WebPublisher component of GroupWise WebAccess is vulnerable to a potential Cross-Site Scripting (XSS) exploit that could potentially be used to redirect users to a malicious website.

This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)

Novell bug 651159, CVE number pending

Resolution

To resolve this security issue, update GroupWise WebPublisher to version 8.02 Hot Patch (or later).

Status

Security Alert

Bug Number

651159