CVE-2022-38756

CVSS V2 None CVSS V3 None
Description
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
Overview
  • CVE ID
  • CVE-2022-38756
  • Assigner
  • security@microfocus.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-16T23:15:09
  • Last Modified Date
  • 2023-03-01T18:24:55
Weakness Enumerations
CWE URL
CWE-532 http://cwe.mitre.org/data/definitions/532.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:microfocus:groupwise:*:*:*:*:*:*:*:* 1 OR 18.4.2
References
Reference URL Reference Tags
http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html
http://seclists.org/fulldisclosure/2023/Jan/28
https://portal.microfocus.com/s/article/KM000012374?language=en_US Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-38756
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38756
History
Created Old Value New Value Data Type Notes
2022-12-18 09:31:58 Added to TrackCVE
2022-12-19 03:15:38 2022-12-16T23:15:09.703 2022-12-16T23:15:09 CVE Published Date updated
2022-12-19 03:15:38 2022-12-19T02:27:34 CVE Modified Date updated
2022-12-19 03:15:38 Received Awaiting Analysis Vulnerability Status updated
2022-12-21 07:03:00 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-22 18:18:31 2022-12-22T17:41:35 CVE Modified Date updated
2022-12-22 18:18:31 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-22 18:18:32 Weakness Enumeration new
2022-12-22 18:18:34 CPE Information updated
2023-01-27 18:14:13 2023-01-27T17:15:11 CVE Modified Date updated
2023-01-27 18:14:13 Analyzed Undergoing Analysis Vulnerability Status updated
2023-01-27 18:14:14 References updated
2023-01-31 11:14:09 2023-01-31T09:15:07 CVE Modified Date updated
2023-01-31 11:14:10 References updated
2023-03-01 22:16:14 2023-03-01T18:24:55 CVE Modified Date updated
2023-03-01 22:16:14 Undergoing Analysis Analyzed Vulnerability Status updated