CVE-2009-1634

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
novellgroupwise
7.0
novellgroupwise
7.0.0:sp1
novellgroupwise
7.0.0:sp2
novellgroupwise
7.0.2
novellgroupwise
7.0.3
novellgroupwise
7.03:hp1a
novellgroupwise
7.03:hp2
novellgroupwise
8.0
novellgroupwise
8.0:hp1
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/35177
http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1
http://www.securityfocus.com/bid/35066
http://www.vupen.com/english/advisories/2009/1393
https://bugzilla.novell.com/show_bug.cgi?id=472979
https://exchange.xforce.ibmcloud.com/vulnerabilities/50688
http://secunia.com/advisories/35177
http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1
http://www.securityfocus.com/bid/35066
http://www.vupen.com/english/advisories/2009/1393
https://bugzilla.novell.com/show_bug.cgi?id=472979
https://exchange.xforce.ibmcloud.com/vulnerabilities/50688