CVE-2015-3436
09.06.2015, 14:59
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
| Vendor | Product | Version |
|---|---|---|
| zarafa | zarafa_collaboration_platform | 𝑥 ≤ 7.1.12 |
| zarafa | zarafa_collaboration_platform | 7.2.0 |
𝑥
= Vulnerable software versions
References