Vulnerability Details : CVE-2016-5762
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2016-5762
- cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5762
- 35.48%: Probability of exploitation activity in the next 30 days
- ~ 97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5762
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-5762
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5762
- http://www.securityfocus.com/bid/92642
  Novell GroupWise CVE-2016-5762 Heap Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html
  Micro Focus GroupWise Cross Site Scripting / Overflows ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt
  (Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/539296/100/0/threaded
  SecurityFocus (Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2016/Aug/123
  Full Disclosure: SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise (Mailing List; Third Party Advisory; VDB Entry)
- https://www.novell.com/support/kb/doc.php?id=7017975
  Heap buffer overflow in GroupWise Post Office Agent (Vendor Advisory)