A security vulnerability exists in the GroupWise Windows client API that can allow programmatic access to non-authorized email under certain conditions. The attacker must first authenticate to GroupWise and be a recipient of a shared folder from another user. The attacker could then exploit the vulnerability to gain unauthorized access to non-shared email in the mailbox of the sharer.

http://www.securiteam.com/securitynews/5MP0D2KNPA.html