Vulners
Lucene search
Micro Focus GroupWise Session ID Disclosure
🗓️ 27 Jan 2023 00:00:00Reported by Stefan Pietsch, trovent.ioType 
packetstorm🔗 packetstormsecurity.com👁 287 Views
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Micro Focus GroupWise Session ID Disclosure Vulnerability | 30 Jan 202300:00 | – | zdt |
 | CVE-2022-38756 | 17 Dec 202202:24 | – | circl |
 | Micro Focus GroupWise 日志信息泄露漏洞 | 16 Dec 202200:00 | – | cnnvd |
 | CVE-2022-38756 | 16 Dec 202200:00 | – | cve |
 | CVE-2022-38756 CVE-2022-38756 vulnerability in GW Web prior to 18.4.2 | 16 Dec 202200:00 | – | cvelist |
 | EUVD-2022-41319 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-38756 | 16 Dec 202223:15 | – | nvd |
 | Design/Logic Flaw | 16 Dec 202223:15 | – | prion |
 | PT-2022-24554 · Micro Focus · Micro Focus Groupwise Web | 16 Dec 202200:00 | – | ptsecurity |
 | CVE-2022-38756 | 22 May 202521:49 | – | redhatcve |
10
`# Trovent Security Advisory 2203-01 #
#####################################
Micro Focus GroupWise transmits session ID in URL
#################################################
Overview
########
Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com
Credits: Trovent Security GmbH, Stefan Pietsch
Detailed description
####################
Micro Focus GroupWise is a messaging software for email and personal information
management.
Trovent Security GmbH discovered that the GroupWise web application transmits
the session ID in HTTP GET requests in the URL when email content is accessed.
The exposed session ID can be recorded in the browser history of the client and
in log files of the web server or reverse proxy server.
A possible attacker with access to the browser history or the server log files
is able to take control of the user session with the help of the session ID.
Severity: Medium
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVE ID: CVE-2022-38756
CWE ID: CWE-598
Proof of concept
################
Simplified HTTP request:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GET /attachment?session=<SESSIONID>&id=... HTTP/1.1
Host: <HOSTNAME>
...
X-User-Agent: GroupWise Web (18.4.0-139604)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution / Workaround
#####################
The vendor released a fixed version of GroupWise.
Fixed in version 18.4.2.
History
#######
2022-03-30: Vulnerability found
2022-08-05: Vendor contacted
2022-10-31: Contacted vendor again
2022-11-01: Vendor replied that the vulnerability will be investigated
2022-11-14: Vendor contacted, asking for status
2022-11-16: Vendor replied that a security bulletin is being prepared
2022-12-06: Vendor published security bulletin
2023-01-27: Advisory published
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Jan 2023 00:00Current
4.8Medium risk
Vulners AI Score4.8
CVSS 3.14.3
EPSS0.00184
SSVC