CVE-2008-2704Improper Input Validation in Groupwise Messenger

CWE-20Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.4%
top 14.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Groupwise Messenger
Timeline
PublishedJun 13
Latest updateMay 1

Description

Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnovell/groupwise_messenger4 versions+3

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-hw8j-q3v2-5j9q: Novell GroupWise Messenger (GWIM) before 22022-05-01
CVEList
CVE-2008-2704: Novell GroupWise Messenger (GWIM) before 22008-06-13
CVE-2008-2704 — Improper Input Validation | cvebase