Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4717

CWE-119Buffer Overflow4 documents4 sources
Severity
6.5MEDIUM
EPSS
5.5%
top 9.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Groupwise
Timeline
PublishedJan 31
Latest updateMay 17

Description

Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDnovell/groupwise8.0.2+22

🔴Vulnerability Details

2
GHSA
GHSA-69rc-596w-6jr8: Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 82022-05-17
CVEList
CVE-2010-4717: Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 82011-01-31

💥Exploits & PoCs

1
Exploit-DB
Novell Groupwise Internet Agent - IMAP 'LIST LSUB' Remote Code Execution2010-11-09
CVE-2010-4717 (MEDIUM CVSS 6.5) | Multiple stack-based buffer overflo | cvebase.io