Security Vulnerability: GroupWise 2014 Admin Service Arbitrary File Retrieval Vulnerability

  • 7015566
  • 20-Aug-2014
  • 26-Aug-2014

Environment

GroupWise 2014 Administration Service

Situation

A vulnerability exists in the GroupWise 2014 Administration service that could potentially allow an attacker to access files on the server where gwadminservice is running.

Resolution

To resolve this vulnerability, apply GroupWise 2014 Suppport Pack 1 (SP1) or later.

Cause

This vulnerability was discovered and reported by Andrea Micalizzi (rgod) working with HP's Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-2287.

Novell bug 879192, CVE-2014-0600

Status

Security Alert

Bug Number

879192