CVE-2016-5762

EPSS 8.93%
Published 20.04.2017 17:59:00
Last modified 20.04.2025 01:37:25
Source security@opentext.com
Teams watchlist Login
Open Login

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Novell ≫ Groupwise Version <= 2012

Novell ≫ Groupwise Version2014 Update-

Novell ≫ Groupwise Version2014 Updater2

Novell ≫ Groupwise Version2014 Updatesp1

Novell ≫ Groupwise Version2014 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.93%	0.923

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html

http://seclists.org/fulldisclosure/2016/Aug/123

http://www.securityfocus.com/archive/1/539296/100/0/threaded

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt

http://www.securityfocus.com/bid/92642

https://www.novell.com/support/kb/doc.php?id=7017975

https://nvd.nist.gov/vuln/detail/CVE-2016-5762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5762

EUVD