A cross-site scripting flaw exists with Novell GroupWise WebAccess.

  • 3574517
  • 31-Jul-2006
  • 27-Apr-2012

Environment

Novell GroupWise WebAccess 7
Novell GroupWise WebAccess 6.5

Situation

A cross-site scripting flaw exists with Novell GroupWise WebAccess within the login page.
 
An outside security researcher reported a cross-site scripting flaw in GroupWise WebAccess.
This flaw is due to insufficient sanitizationfor the form variable GWAP.version.

Resolution

This has been fixed in any build of GroupWise 7 WebAccess dated after July 27, 2006.
This has been fixed in any build of GroupWise 6.5 WebAccess dated after July 21, 2006.
 
Hot Patch for GroupWise 7 are available here: https://support.novell.com/filefinder/20641/beta.html
Field test files for GroupWise 6.5 are available here: https://support.novell.com/filefinder/16963/beta.html

Status

Security Alert

Additional Information

Vulnerability discovered by:
Jerome Odegaard.
Larson, Allen, Weishair & Co,.LLP
 

This vulnerability has been assigned the identifier CVE-2006-3818 by the CVE database.