Improper Access Control in OpenText GroupWise Affects Multiple Versions
CVE-2025-0885
1.8LOW
What is CVE-2025-0885?
The vulnerability in OpenText™ GroupWise stems from incorrect authorization settings, which can lead to unauthorized access to private calendar entries. Attackers can exploit misconfigured access control levels, potentially compromising sensitive information in calendar items across various versions of the GroupWise product.
Affected Version(s)
GroupWise 7 <= 17.5
GroupWise 23.4
GroupWise 24.1
References
CVSS V4
Score:
1.8
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved