CVE-2014-5449

Published: Oct 20, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

Affected (2)

Products: Zarafa: Webaccess, Webapp

Zarafa

2 products

Webaccess

Webapp

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zarafa Webaccess	Version 4.1
Zarafa Webapp	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://advisories.mageia.org/MGASA-2014-0380.html

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/444

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/445

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:182

Source: cve@mitre.org

http://www.securityfocus.com/bid/69369

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/95453

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2014-0380.html