CVE-2014-5449
Zarafa WebAccess and WebApp - Exposure of Sensitive Information via World-Readable Temporary Files
Title source: llmDescription
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/444
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95453
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0380.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69369
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/445
Scores
EPSS
0.0037
EPSS Percentile
29.2%
Details
CWE
CWE-200
Status
published
Products (2)
zarafa/webaccess
4.1
zarafa/webapp
Published
Oct 20, 2014
Tracked Since
Feb 18, 2026