CVE-2014-5449

Zarafa WebAccess and WebApp - Exposure of Sensitive Information via World-Readable Temporary Files

Title source: llm
STIX 2.1

Description

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/444
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95453
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0380.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69369
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/445

Scores

EPSS 0.0037
EPSS Percentile 29.2%

Details

CWE
CWE-200
Status published
Products (2)
zarafa/webaccess 4.1
zarafa/webapp
Published Oct 20, 2014
Tracked Since Feb 18, 2026