PT-2022-24554 · Micro Focus · Micro Focus Groupwise Web

Stefan Pietsch · Published 2022-12-16 · Updated 2023-03-01 · CVE-2022-38756

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Micro Focus GroupWise Web versions prior to 18.4.2

Description

A vulnerability has been identified in the GW Web component, which makes a request to the Post Office Agent containing sensitive information in the query parameters. This sensitive information could be logged by any intervening HTTP proxies.

Recommendations

For versions prior to 18.4.2, update to version 18.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the GW Web component to minimize the risk of exploitation. Avoid using sensitive information in query parameters for the Post Office Agent request until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

CVE-2022-38756

Affected Products

Micro Focus Groupwise Web