CVE-2025-0885
1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/R:A/V:D/RE:L/U:Green
Summary
Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels.
The vulnerability could allow unauthorized access to calendar items marked private.
This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 24.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenText™ | GroupWise | 7 <= 17.5 | affected |
| OpenText™ | GroupWise | 23.4 | affected |
| OpenText™ | GroupWise | 24.1 | affected |
| OpenText™ | GroupWise | 24.2 | affected |
| OpenText™ | GroupWise | 24.3 | affected |
| OpenText™ | GroupWise | 24.4 | affected |
Weaknesses
- CWE-863: CWE-863 Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.