Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Security Vulnerability - Reflected Cross-site scripting (XSS) vulnerability in GroupWise Document Viewer Agent (DVA)

This document (7018371) is provided subject to the disclaimer at the end of this document.


GroupWise 2014 R2 Support Pack 1 Hot Patch 2
GroupWise Document Viewer Agent


A reflected XSS vulnerability exists in the web console of the GroupWise Document Viewer Agent that may enable a remote attacker to execute javascript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
This vulnerability was discovered and reported by Michael Statman at Emes Consulting (  Micro Focus bug 986327, CVE-2016-9169


To resolve this vulnerability, apply GroupWise 2014 R2 Support Pack 1 Hot Patch 2 (or later).
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GroupWise server components to GroupWise 2014 R2 Support Pack 1 Hot Patch 2 in order to secure their system.


Security Alert

Bug Number



This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7018371
  • Creation Date:07-DEC-16
  • Modified Date:07-DEC-16
    • NovellGroupWise

Did this document solve your problem? Provide Feedback