Vulnerability Details : CVE-2009-1634
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2009-1634
Probability of exploitation activity in the next 30 days: 16.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-1634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2009-1634
-
https://bugzilla.novell.com/show_bug.cgi?id=472979
Vendor Advisory
-
http://www.vupen.com/english/advisories/2009/1393
Vendor Advisory
-
http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/50688
- http://www.securityfocus.com/bid/35066
Products affected by CVE-2009-1634
- cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*