CVE-2022-38756
CVE-2022-38756 vulnerability in GW Web prior to 18.4.2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
Se ha identificado una vulnerabilidad en Micro Focus GroupWise Web en versiones anteriores a la 18.4.2. El componente web de GW realiza una solicitud al Agente de la oficina postal que contiene información confidencial en los parámetros de consulta que podrían registrar los servidores proxy HTTP que intervienen.
Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. A possible attacker with access to the browser history or the server log files is able to take control of the user session with the help of the session ID. Versions prior to 18.4.2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-08-25 CVE Reserved
- 2022-12-16 CVE Published
- 2024-07-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (3)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microfocus Search vendor "Microfocus" | Groupwise Search vendor "Microfocus" for product "Groupwise" | < 18.4.2 Search vendor "Microfocus" for product "Groupwise" and version " < 18.4.2" | - |
Affected
|