CVE-2022-38756 – CVE-2022-38756 vulnerability in GW Web prior to 18.4.2
https://notcve.org/view.php?id=CVE-2022-38756
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
Micro Focus GroupWise is messaging software for email and personal information management.
• http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html
• http://seclists.org/fulldisclosure/2023/Jan/28
• https://portal.microfocus.com/s/article/KM000012374?language=en_US
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2018-12468 – Arbitrary File Upload in GroupWise Administration Console
https://notcve.org/view.php?id=CVE-2018-12468
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
• https://www.novell.com/support/kb/doc.php?id=7023223
• CWE-434: Unrestricted Upload of File with Dangerous Type