CVE-2022-38756

CVE-2022-38756 vulnerability in GW Web prior to 18.4.2

Description

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

Remediation

Solution:

  • Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus GroupWise: Please update to Micro Focus GroupWise 18.4.2 or newer

Category

4.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.13%
Affected: Micro Focus Micro Focus GroupWise Web
Published at:
Updated at:

References

Link Tags
https://portal.microfocus.com/s/article/KM000012374?language=en_US
http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html
http://seclists.org/fulldisclosure/2023/Jan/28 mailing list
https://packetstorm.news/files/id/170768
https://seclists.org/fulldisclosure/2023/Jan/28

Frequently Asked Questions

What is the severity of CVE-2022-38756?
CVE-2022-38756 has been scored as a medium severity vulnerability.
How to fix CVE-2022-38756?
To fix CVE-2022-38756: Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus GroupWise: Please update to Micro Focus GroupWise 18.4.2 or newer
Is CVE-2022-38756 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-38756 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-38756?
CVE-2022-38756 affects Micro Focus Micro Focus GroupWise Web.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.