Novell GroupWise Windows Client Arbitrary Email Access

medium Nessus Plugin ID 22003

Synopsis

The remote Windows host contains a mail client that may allow unauthorized access to email messages.

Description

The remote host is running GroupWise, an enterprise-class collaboration application from Novell.

The version of GroupWise installed on the remote host contains a flaw in the client API that may allow a user to bypass security controls and gain access to non-authorized email within the same authenticated post office.

Solution

Upgrade to GroupWise 6.5 SP6 Update 1 / 7 SP1 or later.

See Also

http://www.securityfocus.com/advisories/10778

Plugin Details

Severity: Medium

ID: 22003

File Name: groupwise_client_email_access.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 7/5/2006

Updated: 8/22/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SMB/Novell GroupWise Client/Path, SMB/Novell GroupWise Client/Version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/19/2006

Reference Information

CVE: CVE-2006-3268

BID: 18716