← Back

Webaccess

webaccess

Vendor: Zarafa • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-7219
1Zarafa
1Webaccess
Nov 21, 2024
Apr 11, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa...Show more
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.Show less
CVE-2014-5449
1Zarafa
2Webaccess
Webapp
May 6, 2026
Oct 20, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.