CVE-2018-12468 CRITICAL

CVE-2018-12468: Arbitrary File Upload in GroupWise Administration Console

Vendor Micro Focus
Product GroupWise
Published August 1, 2018
Last update September 16, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.

Key dates

02Disclosure timeline

August 1, 2018 CVE published
September 16, 2024 Record updated