Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38756

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

Published

2022-12-16T23:15:09.703

Last Modified

2025-04-18T14:15:18.953

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-532
Type: Secondary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microfocus	groupwise	< 18.4.2	Yes

References

http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html ([email protected])
http://seclists.org/fulldisclosure/2023/Jan/28 ([email protected])
https://portal.microfocus.com/s/article/KM000012374?language=en_US ([email protected])
http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jan/28 (af854a3a-2127-422b-91ae-364da2661108)
https://portal.microfocus.com/s/article/KM000012374?language=en_US (af854a3a-2127-422b-91ae-364da2661108)
https://packetstorm.news/files/id/170768 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://seclists.org/fulldisclosure/2023/Jan/28 (134c704f-9b21-4f2e-91b3-4a467353bcc0)