CVE-2016-5762

9.8 CRITICAL

Published: April 20, 2017 Modified: May 13, 2026

Description

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html

Source: security@opentext.com

http://seclists.org/fulldisclosure/2016/Aug/123

Source: security@opentext.com

http://www.securityfocus.com/archive/1/539296/100/0/threaded

Source: security@opentext.com

http://www.securityfocus.com/bid/92642

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7017975

Source: security@opentext.com

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt

Source: security@opentext.com

http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html