Skip to main content

Groupwise CVE-2012-0410

MEDIUM
Path Traversal (CWE-22)
2012-07-05 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 05, 2012 - 14:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.

AnalysisAI

Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. Affected products include: Novell Groupwise. Version information: before 8.03.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2012-0439 CRITICAL POC
9.3 Feb 24

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows r

CVE-2012-0419 MEDIUM POC
5.0 Sep 28

Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 be

CVE-2012-0271 CRITICAL POC
10.0 Sep 19

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 befo

CVE-2013-0804 CRITICAL POC
10.0 Feb 24

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary

CVE-2016-5762 CRITICAL
9.8 Apr 20

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remo

CVE-2014-0610 CRITICAL
10.0 Sep 05

The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers

CVE-2012-0417 CRITICAL
10.0 Sep 28

Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Suppor

CVE-2012-0418 CRITICAL
9.3 Sep 28

Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on

CVE-2014-0600 HIGH
7.8 Aug 29

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or w

CVE-2018-12468 HIGH
7.2 Aug 01

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attack

CVE-2016-9169 MEDIUM
6.1 Mar 23

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2

CVE-2016-5761 MEDIUM
6.1 Apr 20

Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote att

Share

CVE-2012-0410 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy