CVE-2014-5448

Zarafa 5.00 - Unauthorized Sensitive Information Exposure via World-Readable Log Files

Title source: llm
STIX 2.1

Description

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69365
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/444
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0380.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95452
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/445

Scores

EPSS 0.0037
EPSS Percentile 29.2%

Details

CWE
CWE-200
Status published
Products (1)
zarafa/zarafa 5.00
Published Oct 20, 2014
Tracked Since Feb 18, 2026