Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4715

CWE-22 — Path Traversal4 documents4 sources

Severity

5.0MEDIUM

EPSS

2.8%

top 13.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Groupwise

Timeline

PublishedJan 31

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/groupwise8.0.2+22

🔴Vulnerability Details

GHSA

GHSA-phwc-895q-f8m7: Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8↗2022-05-17

▶

CVEList

CVE-2010-4715: Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8↗2011-01-31

▶

💥Exploits & PoCs

Exploit-DB

Novell Groupwise 8.0 - Multiple Remote Vulnerabilities↗2010-11-08

▶