GCVE - cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*

part: a version: 7.03 update: hp2

Vendor	Novell (`4a1c187d-e568-531f-92b0-685a3df2807c`)
Product	Groupwise (`7e0bb26e-48ac-551b-b90c-28323a79fe23`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-1087`	vulnerable	2026-06-03 14:32:47.946072	Details available Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. Published: 2013-07-15T20:00:00.000Z Updated: 2024-09-16T22:55:44.818Z Open on db.gcve.eu Reference links https://bugzilla.novell.com/show_bug.cgi?id=799673 http://www.novell.com/support/kb/doc.php?id=7012063	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-1086`	vulnerable	2026-06-03 14:32:47.941914	Details available Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. Published: 2013-04-19T10:00:00.000Z Updated: 2024-08-06T14:49:20.697Z Open on db.gcve.eu Reference links http://www.novell.com/support/kb/doc.php?id=7012064 https://bugzilla.novell.com/show_bug.cgi?id=802906 http://secunia.com/advisories/53098	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0410`	vulnerable	2026-06-03 14:31:36.776004	Details available Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. Published: 2012-07-05T14:00:00.000Z Updated: 2024-08-06T18:23:31.047Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1027217 https://bugzilla.novell.com/show_bug.cgi?id=712163 http://www.novell.com/support/kb/doc.php?id=7000708	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0271`	vulnerable	2026-06-03 14:31:35.257472	Details available Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. Published: 2012-09-19T10:00:00.000Z Updated: 2024-08-06T18:23:29.197Z Open on db.gcve.eu Reference links http://www.novell.com/support/kb/doc.php?id=7010769 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61 https://bugzilla.novell.com/show_bug.cgi?id=746199 http://osvdb.org/85426	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1762`	vulnerable	2026-06-03 14:29:37.310913	Details available Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter. Published: 2009-05-22T16:25:00.000Z Updated: 2024-08-07T05:27:53.735Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2009/1393 https://bugzilla.novell.com/show_bug.cgi?id=484942 http://secunia.com/advisories/35177 http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1636`	vulnerable	2026-06-03 14:29:36.846872	Details available Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. Published: 2009-05-26T15:16:00.000Z Updated: 2024-08-07T05:20:35.147Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2009/1393 https://bugzilla.novell.com/show_bug.cgi?id=482914 http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php http://secunia.com/advisories/35177 http://www.securityfocus.com/bid/35064	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1635`	vulnerable	2026-06-03 14:29:36.846066	Details available Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. Published: 2009-05-22T16:25:00.000Z Updated: 2024-08-07T05:20:34.601Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/50689 http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1 http://www.vupen.com/english/advisories/2009/1393 https://bugzilla.novell.com/show_bug.cgi?id=484942 http://www.securityfocus.com/archive/1/503885/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1634`	vulnerable	2026-06-03 14:29:36.839439	Details available The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. Published: 2009-05-26T15:16:00.000Z Updated: 2024-08-07T05:20:35.029Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2009/1393 http://secunia.com/advisories/35177 http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1 http://www.securityfocus.com/bid/35066 https://exchange.xforce.ibmcloud.com/vulnerabilities/50688	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.