Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4189

CWE-94Code Injection4 documents4 sources
Severity
7.5HIGH
EPSS
21.5%
top 4.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Groupwise
Timeline
PublishedMar 2
Latest updateMay 14

Description

The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDnovell/groupwise8.0, 8.0.1, 8.0.2+2

🔴Vulnerability Details

2
GHSA
GHSA-gq5p-84h6-hf7h: The client in Novell GroupWise 82022-05-14
CVEList
CVE-2011-4189: The client in Novell GroupWise 82012-03-02

💥Exploits & PoCs

1
Exploit-DB
Novell Groupwise - Address Book Remote Code Execution2012-03-01
CVE-2011-4189 (HIGH CVSS 7.5) | The client in Novell GroupWise 8.0x | cvebase.io