CVE-2016-5762

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html
http://seclists.org/fulldisclosure/2016/Aug/123
http://www.securityfocus.com/archive/1/539296/100/0/threaded
http://www.securityfocus.com/bid/92642
https://www.novell.com/support/kb/doc.php?id=7017975
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:groupwise::::::::
	cpe:2.3:a:novell:groupwise:2014:-::::::
	cpe:2.3:a:novell:groupwise:2014:r2::::::
	cpe:2.3:a:novell:groupwise:2014:sp1::::::
	cpe:2.3:a:novell:groupwise:2014:sp2::::::

History

07 Nov 2023, 02:33

Type	Values Removed	Values Added
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2016/Aug/123 - Mailing List, Third Party Advisory, VDB Entry~~	() http://seclists.org/fulldisclosure/2016/Aug/123 -
References	~~(CONFIRM) https://www.novell.com/support/kb/doc.php?id=7017975 - Vendor Advisory~~	() https://www.novell.com/support/kb/doc.php?id=7017975 -
References	~~(MISC) http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html -
References	~~(MISC) https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt - Exploit, Third Party Advisory, VDB Entry~~	() https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt -
References	~~(BID) http://www.securityfocus.com/bid/92642 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/92642 -
References	~~(BUGTRAQ) http://www.securityfocus.com/archive/1/539296/100/0/threaded - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/539296/100/0/threaded -

Information

Published : 2017-04-20 17:59

Updated : 2023-12-10 12:01

NVD link : CVE-2016-5762

Mitre link : CVE-2016-5762

CVE.ORG link : CVE-2016-5762

JSON object : View

Products Affected

novell

groupwise

CWE

CWE-190

Integer Overflow or Wraparound

9.8 /10