CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zarafa:webaccess:4.1:*:*:*:*:*:*:*
cpe:2.3:a:zarafa:webapp:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-10-20 15:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-5449

Mitre link : CVE-2014-5449

CVE.ORG link : CVE-2014-5449


JSON object : View

Products Affected

zarafa

  • webaccess
  • webapp
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor