CVE-2010-4717

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions prior to 8.02HP

Description The issue is related to multiple stack-based buffer overflows in the IMAP server component of the GroupWise Internet Agent (GWIA). This can be exploited by remote attackers to execute arbitrary code via long LIST or LSUB commands, such as /api/imap endpoints, by manipulating the command variable. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For versions prior to 8.02HP, update to version 8.02HP or later to resolve the issue. As a temporary workaround, consider restricting access to the IMAP server component to minimize the risk of exploitation. Avoid using long LIST or LSUB commands in the affected API endpoints until the issue is resolved.