CVE-2014-0103

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
zarafawebapp
𝑥
≤ 1.5
zarafazarafa
𝑥
≤ 7.1.9
zarafazarafa
7.0
zarafazarafa
7.0.1
zarafazarafa
7.0.2
zarafazarafa
7.0.3
zarafazarafa
7.0.4
zarafazarafa
7.0.5
zarafazarafa
7.0.6
zarafazarafa
7.0.7
zarafazarafa
7.0.8
zarafazarafa
7.0.9
zarafazarafa
7.0.10
zarafazarafa
7.0.11
zarafazarafa
7.0.12
zarafazarafa
7.0.13
zarafazarafa
7.1.0
zarafazarafa
7.1.1
zarafazarafa
7.1.2
zarafazarafa
7.1.3
zarafazarafa
7.1.4
zarafazarafa
7.1.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0380.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://www.securityfocus.com/bid/68247
https://bugzilla.redhat.com/show_bug.cgi?id=1073618
http://advisories.mageia.org/MGASA-2014-0380.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://www.securityfocus.com/bid/68247
https://bugzilla.redhat.com/show_bug.cgi?id=1073618