Path Traversal in Novell Groupwise

CVE-2012-0410

Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.026 (85.9th percentile) — read the EPSS interpretation.

Affected products

Novell Groupwise — versions 5.2, 5.5, 5.57e
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

1027217 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)