Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0272

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-0272
Last Modified 05 Feb 2009 01:53:26
Published 02 Feb 2009 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0272

Summary

Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.

Vulnerable Systems

Application

  • Novell Groupwise 6.5

  • Novell Groupwise 7.0

  • Novell Groupwise 7.01

  • Novell Groupwise 7.02x

  • Novell Groupwise 7.03

  • Novell Groupwise 8.0


References

BUGTRAQ - 20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks

MISC - http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21

CONFIRM - http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319

SECUNIA - 33744


Last Updated: 27 May 2016 10:50:11