| Vulnerability Name: | CVE-2009-1634 (CCN-50688) | ||||||||
| Assigned: | 2009-05-14 | ||||||||
| Published: | 2009-05-14 | ||||||||
| Updated: | 2017-08-17 | ||||||||
| Summary: | The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-1634 Source: CCN Type: SA35177 Novell GroupWise Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 35177 Source: CCN Type: Novell Document ID: 7003266 Novell GroupWise WebAccess - Security Vulnerability in Session Management Mechanisms Source: CONFIRM Type: Vendor Advisory http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1 Source: CCN Type: OSVDB ID: 54640 Novell GroupWise WebAccess Session Management Mechanism Bypass Source: BID Type: UNKNOWN 35066 Source: CCN Type: BID-35066 Novell GroupWise WebAccess Multiple Security Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2009-1393 Source: MISC Type: Vendor Advisory https://bugzilla.novell.com/show_bug.cgi?id=472979 Source: XF Type: UNKNOWN groupwise-session-unauth-access(50688) Source: XF Type: UNKNOWN groupwise-session-unauth-access(50688) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||