PT-2025-27768 · Opentext · Opentext Groupwise
Published
2025-07-03
·
Updated
2025-07-03
·
CVE-2025-0885
CVSS v4.0
1.8
Low
| Vector | AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:D/RE:L/U:Green |
Name of the Vulnerable Software and Affected Versions:
OpenText GroupWise versions 7 through 17.5
OpenText GroupWise version 23.4
OpenText GroupWise version 24.1
OpenText GroupWise version 24.2
OpenText GroupWise version 24.3
OpenText GroupWise version 24.4
Description:
The issue is related to an Incorrect Authorization vulnerability in OpenText GroupWise, which allows exploiting incorrectly configured access control security levels. This could allow unauthorized access to calendar items marked as private.
Recommendations:
For OpenText GroupWise versions 7 through 17.5, update to a version that includes the fix for this issue.
For OpenText GroupWise version 23.4, update to a version that includes the fix for this issue.
For OpenText GroupWise version 24.1, update to a version that includes the fix for this issue.
For OpenText GroupWise version 24.2, update to a version that includes the fix for this issue.
For OpenText GroupWise version 24.3, update to a version that includes the fix for this issue.
For OpenText GroupWise version 24.4, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to private calendar items until a patch is available.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Groupwise