2.1

CVE-2014-5447

EPSS 0.05%
Veröffentlicht 20.10.2014 15:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zarafa ≫ Webapp Version1.6

Zarafa ≫ Zarafa Version7.1.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.117

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://advisories.mageia.org/MGASA-2014-0380.html

http://www.mandriva.com/security/advisories?name=MDVSA-2014:182

http://seclists.org/oss-sec/2014/q3/444

http://seclists.org/oss-sec/2014/q3/445

http://www.securityfocus.com/bid/69362

https://nvd.nist.gov/vuln/detail/CVE-2014-5447

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5447

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5447

EUVD