CVE-2022-38756 vulnerability in GW Web prior to 18.4.2
CVE-2022-38756

4.3MEDIUM

Key Information:

Vendor: Micro Focus
Status: Micro Focus Groupwise Web
Vendor: CVE Published:; 16 December 2022

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2022-38756?

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

Affected Version(s)

Micro Focus GroupWise Web < 18.4.2

References

https://portal.microfocus.com/s/article/KM000012374?langu...

http://packetstormsecurity.com/files/170768/Micro-Focus-G...

http://seclists.org/fulldisclosure/2023/Jan/28

mailing-list

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2022
Vulnerability Reserved
Aug 25, 2022

Credit

Micro Focus would like to thank Stefan Pietsch from Trovent Security GmbH for their work discovering and reporting this vulnerability.