CVE-2009-0272

Published: Feb 2, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.

Affected (7)

Products: Novell: Groupwise

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Novell Groupwise	Version 6.5
Novell Groupwise	Version 7.01
Novell Groupwise	Version 7.02x
Novell Groupwise	Version 7.03
Novell Groupwise	Version 7.03 hp1a
Novell Groupwise	Version 7.0
Novell Groupwise	Version 8.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://secunia.com/advisories/33744

Source: cve@mitre.org

http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319

Source: cve@mitre.org

Vendor Advisory

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/500569/100/0/threaded

Source: cve@mitre.org

http://secunia.com/advisories/33744

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/500569/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.