CVE-2014-5448

Published: Oct 20, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.

Affected (1)

Products: Zarafa: Zarafa

Zarafa

1 product

Zarafa

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zarafa Zarafa	Version 5.00

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://advisories.mageia.org/MGASA-2014-0380.html

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/444

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/445

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:182

Source: cve@mitre.org

http://www.securityfocus.com/bid/69365

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/95452

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2014-0380.html