Novell GroupWise Client 8.x < 8.0.3 Hot Patch 3 / 2012.x < 2012 SP2 XSS

medium Nessus Plugin ID 69477

Synopsis

The remote Windows host contains an email application that is affected by a cross-site scripting vulnerability.

Description

The version of Novell GroupWise Client installed on the remote Windows host is 8.x prior to 8.0.3 Hot Patch 3 (8.0.3.28711) or 2012.x prior to 2012 SP2 (12.0.2.18211). It is, therefore, reportedly affected by a cross-site scripting vulnerability.

Solution

Upgrade to Novell GroupWise Client 8.0.3 Hot Patch 3 (8.0.3.28711) / 2012 SP2 (12.0.2.18211) or later. Additionally, apply the required registry changes from the advisory.

See Also

https://support.microfocus.com/kb/doc.php?id=7012063

Plugin Details

Severity: Medium

ID: 69477

File Name: groupwise_client_803_hp3.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 7/19/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:novell:groupwise

Required KB Items: SMB/Novell GroupWise Client/Path, SMB/Novell GroupWise Client/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/2/2013

Vulnerability Publication Date: 4/2/2013

Reference Information

CVE: CVE-2013-1087

BID: 61188

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990