Vulnerability CVE-2022-38756


Published: 2022-12-16   Modified: 2022-12-17

Description:
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Micro Focus GroupWise Session ID Disclosure
Stefan Pietsch
28.01.2023

Type:

CWE-598

(Information Exposure Through Query Strings in GET Request)

 References:
https://portal.microfocus.com/s/article/KM000012374?language=en_US

Copyright 2024, cxsecurity.com

 

Back to Top