CVE-2022-38756
Summary
| CVE | CVE-2022-38756 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-16 23:15:00 UTC |
| Updated | 2023-11-07 03:50:00 UTC |
| Description | A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microfocus | Groupwise | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Micro Focus GroupWise Session ID Disclosure ≈ Packet Storm | packetstormsecurity.com | | |
| Portal | portal.microfocus.com | | |
| Full Disclosure: Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL | seclists.org | | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Micro Focus would like to thank Stefan Pietsch from Trovent Security GmbH for their work discovering and reporting this vulnerability.
There are currently no legacy QID mappings associated with this CVE.