Integer Overflow Vulnerability in Novell GroupWise Email Solutions
CVE-2016-5762

9.8CRITICAL

Key Information:

Vendor

Novell
Status
Groupwise
Vendor
CVE Published:
20 April 2017

What is CVE-2016-5762?

An integer overflow vulnerability exists in the Post Office Agent of Novell GroupWise prior to the 2014 R2 Service Pack 1 Hot Patch 1. This security flaw allows remote attackers to exploit the system by supplying excessively long usernames or passwords, leading to a heap-based buffer overflow. Successful exploitation could permit unauthorized execution of arbitrary code, compromising the integrity and security of the email solution.

References

http://www.securityfocus.com/bid/92642
vdb-entryx_refsource_BID
https://www.novell.com/support/kb/doc.php?id=7017975
x_refsource_CONFIRM
http://packetstormsecurity.com/files/138503/Micro-Focus-G...
x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.