W. Ettlinger

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue allows an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. This can be achieved through a cross-site request forgery (CSRF) attack. An attacker must already have obtained product administrator or root privileges to exploit this issue. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to policy rules modification until a fix is available. As a temporary workaround, ensure that administrators are cautious when accessing web pages and avoid accessing potentially malicious links. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue concerns a critical library in the Trend Micro InterScan Messaging Security Virtual Appliance that may be vulnerable to attack. **Recommendations** For version 9.1, update the specific critical library to prevent potential attacks.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue concerns the storage of administrative passwords using an outdated hash. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue is an information disclosure vulnerability that could allow an attacker to access a specific database and key. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue allows an authenticated attacker to abuse the product's web server, granting access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this issue. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to the web server until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue is related to an XML External Entity Processing (XXE) vulnerability. This could allow an authenticated administrator to read arbitrary local files. To exploit this, an attacker must already have obtained product administrator or root privileges. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to the administrator interface to minimize the risk of exploitation. As a temporary workaround, limit the privileges of administrators to reduce the potential impact of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501 Description: The issue allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments. This is possible due to missing authentication and authorization. Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501 Description: The issue allows remote attackers to hijack the authentication of arbitrary users for requests. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. Specifically, attackers can delete e-mail messages via a delete action in a request to "secmail/getmessage.exe" or spoof arbitrary users and reply to their messages via a request to "secserver/securectrl.exe". Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue. As a temporary workaround, consider restricting access to the "secmail/getmessage.exe" and "secserver/securectrl.exe" endpoints to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501 Description: The issue allows remote authenticated users to read arbitrary e-mail messages. This is achieved via the `option1` parameter in a reply action to "secmail/getmessage.exe" API endpoint. Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501 Description: The issue allows remote authenticated users to read e-mail messages to arbitrary recipients. This is achieved by using a .. (dot dot) in the `filename` parameter to the "secupload2/upload.aspx" API endpoint. Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue. As a temporary workaround, consider restricting access to the "secupload2/upload.aspx" endpoint or validating the `filename` parameter to prevent directory traversal attacks.

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501 Description: The issue allows remote authenticated users to read arbitrary e-mail messages. This is achieved by using a .. (dot dot) in the `option2` parameter in an attachment action to "secmail/getmessage.exe" API endpoint. Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message. This could potentially lead to unauthorized actions on the affected system. Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise versions prior to 2014 R2 Service Pack 1 Hot Patch 1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a crafted email, which is a result of a cross-site scripting (XSS) vulnerability. **Recommendations** For versions prior to 2014 R2 Service Pack 1 Hot Patch 1, update to 2014 R2 Service Pack 1 Hot Patch 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise versions prior to 2014 R2 Service Pack 1 Hot Patch 1 **Description** The issue is caused by an integer overflow in the Post Office Agent, which can be exploited by remote attackers to execute arbitrary code. This can be achieved by using a long `username` or `password`, triggering a heap-based buffer overflow. **Recommendations** For versions prior to 2014 R2 Service Pack 1 Hot Patch 1, update to 2014 R2 Service Pack 1 Hot Patch 1 or later to resolve the issue. As a temporary workaround, consider restricting the length of `username` and `password` inputs to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise versions prior to 2014 R2 Service Pack 1 Hot Patch 1 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the administrator console. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the `token` parameter to "gwadmin-console/install/login.jsp" or the `PATH INFO` to "gwadmin-console/index.jsp". **Recommendations** For versions prior to 2014 R2 Service Pack 1 Hot Patch 1, update to 2014 R2 Service Pack 1 Hot Patch 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator console and avoiding the use of the `token` parameter in the "gwadmin-console/install/login.jsp" endpoint and the `PATH INFO` in the "gwadmin-console/index.jsp" endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Novell Filr versions 1.2 before Hot Patch 6 Novell Filr versions 2.0 before Hot Patch 2 **Description** The issue allows local users to gain privileges by replacing the content of a specific file with arbitrary shell commands, due to world-writable permissions for /etc/profile.d/vainit.sh. **Recommendations** For Novell Filr version 1.2, apply Hot Patch 6 to resolve the issue. For Novell Filr version 2.0, apply Hot Patch 2 to resolve the issue. As a temporary workaround, consider restricting write access to the /etc/profile.d/vainit.sh file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Novell Filr versions prior to 1.2 Security Update 3 Novell Filr versions prior to 2.0 Security Update 2 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted input. This can be demonstrated by a crafted attribute of an `IMG` element in the `phone` field of a user profile. **Recommendations** For Novell Filr versions prior to 1.2 Security Update 3, apply Security Update 3 to resolve the issue. For Novell Filr versions prior to 2.0 Security Update 2, apply Security Update 2 to resolve the issue. As a temporary workaround, consider restricting user input in the phone field of user profiles to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Novell Filr versions prior to 1.2 Security Update 3 Novell Filr versions 2.0 prior to Security Update 2 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `ntpServer` parameter. **Recommendations** For Novell Filr versions prior to 1.2 Security Update 3, apply Security Update 3 to resolve the issue. For Novell Filr versions 2.0 prior to Security Update 2, apply Security Update 2 to resolve the issue. As a temporary workaround, consider restricting access to the `ntpServer` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Novell Filr versions prior to 2.0 Security Update 2 **Description** The issue allows remote attackers to hijack the authentication of administrators. This can be demonstrated by reconfiguring time settings via a "vaconfig/time" request. **Recommendations** For versions prior to 2.0 Security Update 2, update to 2.0 Security Update 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Novell Filr versions prior to 1.2 Security Update 3 Novell Filr versions 2.0 prior to Security Update 2 **Description** The issue allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a `blob name`. This is due to a directory traversal vulnerability in the email-template feature. **Recommendations** For Novell Filr versions prior to 1.2 Security Update 3, apply Security Update 3 to resolve the issue. For Novell Filr versions 2.0 prior to Security Update 2, apply Security Update 2 to resolve the issue. As a temporary workaround, consider restricting access to the email-template feature until a patch is available.