CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
zarafawebaccess
4.1
zarafawebapp
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zarafa
vivid
dne
utopic
dne
trusty
dne
precise
dne
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0380.html
http://seclists.org/oss-sec/2014/q3/444
http://seclists.org/oss-sec/2014/q3/445
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://www.securityfocus.com/bid/69369
https://exchange.xforce.ibmcloud.com/vulnerabilities/95453
http://advisories.mageia.org/MGASA-2014-0380.html
http://seclists.org/oss-sec/2014/q3/444
http://seclists.org/oss-sec/2014/q3/445
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://www.securityfocus.com/bid/69369
https://exchange.xforce.ibmcloud.com/vulnerabilities/95453