US-CERT Current Activity – Novell Releases Updates for GroupWise
The following US-Cert announcements have been released for the Novell GroupWise messaging system:
US-CERT Current Activity
Novell Releases Updates for GroupWise
Original release date: May 22, 2009 at 12:07 pm
Last revised: May 22, 2009 at 12:07 pm
Novell has released updates for GroupWise 7 and 8 to address multiple
vulnerabilities in GroupWise WebAccess and Internet Agents. These
vulnerabilities may allow an attacker to execute arbitrary code,
conduct cross-site scripting attacks, or obtain unauthorized access.US-CERT encourages users and administrators to review the following
Novell documents and apply any necessary updates to help mitigate the
risks:
* Novell GroupWise WebAccess – Security Vulnerability with
Javascript
* Novell GroupWise WebAccess – Scripting Security Vulnerability
* Novell GroupWise WebAccess – Cross Site Scripting (XSS) Security
Vulnerability via Unfiltered Style Expressions
* Novell GroupWise WebAccess – Security Vulnerability in Session
Management Mechanisms
* Novell GroupWise Internet Agent (GWIA) – Security Vulnerability in
Email Address Processing
* Novell GroupWise Internet Agent (GWIA) – Security Vulnerability
Processing SMTP RequestsRelevant Url(s):
<http://www.novell.com/support/viewContent.do?externalId=7003271><http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1>
<http://www.novell.com/support/viewContent.do?externalId=7003268>
<http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1>
<http://www.novell.com/support/viewContent.do?externalId=7003266>
<http://www.novell.com/support/viewContent.do?externalId=7003267>
====
This entry is available at
http://www.us-cert.gov/current/index.html#novell_releases_updates_for_groupwise1
