VDB
GCVE-110-MAGEIA-2014-380
GCVE-110-MAGEIA-2014-380
Advisory Published
Updated zarafa packages fix security vulnerabilities:
Robert Scheck reported that Zarafa's WebAccess stored session information,
including login credentials, on-disk in PHP session files. This session file
would contain a user's username and password to the Zarafa IMAP server
(CVE-2014-0103).
Robert Scheck discovered that the Zarafa Collaboration Platform has multiple
incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449,
CVE-2014-5450).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | zarafa | 0 (affected), 7.1.11-1.mga4 (unaffected) | — |
| Mageia | zarafa | 0 (affected), 7.1.11-1.mga3 (unaffected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.