Micro Focus GroupWise Session ID Disclosure
Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the
GroupWise web application transmits the session ID in HTTP GET requests in
the URL when email content is accessed. The exposed session ID can be
recorded in the browser history of the client and in log files of the web server or reverse proxy server. A possible attacker with access to the
browser history or the server log files is able to take control of the
user session with the help of the session ID. Versions prior to 18.4.2 are affected.
https://packetstormsecurity.com/files/170768/TRSA-2203-01.txt
Fri, 27 Jan 2023 15:10:35 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com