Vulnerability Name:
CVE-2006-3268 (CCN-27550)
Assigned:
2006-06-28
Published:
2006-06-28
Updated:
2018-10-18
Summary:
Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Bypass Security
References:
Source: CCN
Type: Full-Disclosure Mailing List, Thu Jun 29 2006 - 10:14:18 CDT
Novell Security Announcement NOVELL-SA:2006:001
Source: MITRE
Type: CNA
CVE-2006-3268
Source: CCN
Type: SA20888
Novell GroupWise Windows Client Email Access Vulnerability
Source: SECUNIA
Type: Patch, Vendor Advisory
20888
Source: CCN
Type: SECTRACK ID: 1016404
Novell GroupWise API May Let Remote Authenticated Users Access Random User E-mails
Source: SECTRACK
Type: UNKNOWN
1016404
Source: CCN
Type: Novell Technical Information Document TID2973921
GroupWise 7 Client SP1 English Only
Source: CONFIRM
Type: Patch
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm
Source: CCN
Type: Novell Technical Information Document TID2974006
GroupWise 6.5 SP6 Full Update 1
Source: CONFIRM
Type: Patch
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm
Source: CONFIRM
Type: Patch
http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm
Source: CCN
Type: OSVDB ID: 26921
Novell GroupWise Windows Client Arbitrary Email Access
Source: BUGTRAQ
Type: UNKNOWN
20060629 Novell Security Announcement NOVELL-SA:2006:001
Source: BID
Type: Patch
18716
Source: CCN
Type: BID-18716
Novell Groupwise Windows Client API Unauthorized Email Access Vulnerability
Source: VUPEN
Type: UNKNOWN
ADV-2006-2594
Source: XF
Type: UNKNOWN
groupwise-windows-client-api-security-bypass(27550)
Source: XF
Type: UNKNOWN
groupwise-windows-client-api-security-bypass(27550)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:novell:groupwise:*:*:32-bit_client:*:*:*:*:*
OR
cpe:/a:novell:groupwise:5.2:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:5.5:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp1:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp2:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp3:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp4:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp1:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp2:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp3:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp4:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp5:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5.2:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5.3:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5.4:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:7.0:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:novell:groupwise:5.2:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:5.5:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5.2:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5.3:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:7.0:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:::32-bit_client:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5.4:*:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp1:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp2:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp3:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp4:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.5:sp5:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp4:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp3:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp2:*:*:*:*:*:*
OR
cpe:/a:novell:groupwise:6.0:sp1:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
novell
groupwise *
novell
groupwise 5.2
novell
groupwise 5.5
novell
groupwise 6.0
novell
groupwise 6.0 sp1
novell
groupwise 6.0 sp2
novell
groupwise 6.0 sp3
novell
groupwise 6.0 sp4
novell
groupwise 6.5
novell
groupwise 6.5 sp1
novell
groupwise 6.5 sp2
novell
groupwise 6.5 sp3
novell
groupwise 6.5 sp4
novell
groupwise 6.5 sp5
novell
groupwise 6.5.2
novell
groupwise 6.5.3
novell
groupwise 6.5.4
novell
groupwise 7.0
novell
groupwise 5.2
novell
groupwise 5.5
novell
groupwise 6.0
novell
groupwise 6.5
novell
groupwise 6.5.2
novell
groupwise 6.5.3
novell
groupwise 7.0
novell
groupwise
novell
groupwise 6.5.4
novell
groupwise 6.5 sp1
novell
groupwise 6.5 sp2
novell
groupwise 6.5 sp3
novell
groupwise 6.5 sp4
novell
groupwise 6.5 sp5
novell
groupwise 6.0 sp4
novell
groupwise 6.0 sp3
novell
groupwise 6.0 sp2
novell
groupwise 6.0 sp1
Denotes that component is vulnerable