OpenCVE

Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Groupwise

Configuration 1 [-]

OR	cpe:2.3:a:novell:groupwise:6.5:::::::*
	cpe:2.3:a:novell:groupwise:6.5:sp1::::::
	cpe:2.3:a:novell:groupwise:6.5:sp2::::::
	cpe:2.3:a:novell:groupwise:6.5:sp3::::::
	cpe:2.3:a:novell:groupwise:6.5:sp4::::::
	cpe:2.3:a:novell:groupwise:6.5:sp5::::::
	cpe:2.3:a:novell:groupwise:6.5:sp6::::::
	cpe:2.3:a:novell:groupwise:6.5.2:::::::*
	cpe:2.3:a:novell:groupwise:6.5.3:::::::*
	cpe:2.3:a:novell:groupwise:6.5.4:::::::*
	cpe:2.3:a:novell:groupwise:6.5.6:::::::*
	cpe:2.3:a:novell:groupwise:6.5.7:::::::*
	cpe:2.3:a:novell:groupwise:6.5_sp6_update_1:::::::*
	cpe:2.3:a:novell:groupwise:7.0:::::::*
	cpe:2.3:a:novell:groupwise:7.0.0:sp1::::::
	cpe:2.3:a:novell:groupwise:7.0.0:sp2::::::

No data.

References

Link	Providers
http://secunia.com/advisories/29409
http://securitytracker.com/id?1019616
http://www.securityfocus.com/bid/28265
http://www.vupen.com/english/advisories/2008/0904
https://exchange.xforce.ibmcloud.com/vulnerabilities/41223
https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-18T17:00:00

Updated: 2024-08-07T08:17:34.410Z

Reserved: 2008-03-13T00:00:00

Link: CVE-2008-1330

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-18T17:44:00.000

Modified: 2024-11-21T00:44:17.147

Link: CVE-2008-1330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-0904", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0904"}, {"name": "groupwise-clientapi-security-bypass(41223)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"}, {"name": "1019616", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019616"}, {"name": "29409", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29409"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"}, {"name": "28265", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28265"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-0904", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0904"}, {"name": "groupwise-clientapi-security-bypass(41223)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"}, {"name": "1019616", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019616"}, {"name": "29409", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29409"}, {"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html", "refsource": "CONFIRM", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"}, {"name": "28265", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28265"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:17:34.410Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-0904", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0904"}, {"name": "groupwise-clientapi-security-bypass(41223)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"}, {"name": "1019616", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019616"}, {"name": "29409", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29409"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"}, {"name": "28265", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28265"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1330", "datePublished": "2008-03-18T17:00:00", "dateReserved": "2008-03-13T00:00:00", "dateUpdated": "2024-08-07T08:17:34.410Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*", "matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*", "matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5_sp6_update_1:*:*:*:*:*:*:*", "matchCriteriaId": "7488A4DC-3A7E-4492-9EC7-2443CEB18E58", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Windows client API de Novell GroupWise 7 antes de SP3 y 6.5 antes de SP6 Update 3 permite a usuarios remotamente autentificados acceder a los emails no compartidos almacenados de otro usuario que haya compartido al menos una carpeta con el atacante."}], "id": "CVE-2008-1330", "lastModified": "2024-11-21T00:44:17.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-18T17:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29409"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1019616"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28265"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0904"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}