Environment
Novell GroupWise 8
Novell GroupWise 8 WebPublisher
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.
Novell GroupWise 8 WebPublisher
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.
Situation
The WebPublisher component of GroupWise WebAccess is vulnerable to a potential Cross-Site Scripting (XSS) exploit that could potentially be used to redirect users to a malicious website.
This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)
Novell bug 651159, CVE number pending
This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)
Novell bug 651159, CVE number pending
Resolution
To resolve this security issue, update GroupWise WebPublisher to version 8.02 Hot Patch (or later).
Status
Security AlertBug Number
651159