Lucene search
HistoryJun 09, 2015 - 2:59 p.m.
CVE-2015-3436
zarafa collaboration platform
zcp
cve-2015-3436
symlink attack
security vulnerability
file writing vulnerability
6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Affected configurations
Node
zarafazarafa_collaboration_platformRange≤7.1.12
ORzarafazarafa_collaboration_platformMatch7.2.0
References
Social References
More
Related
nessus
nessus
Fedora 20 : zarafa-7.1.12-2.fc20 (2015-8479)
2015-06-09 00:00:00
Fedora 21 : zarafa-7.1.12-2.fc21 (2015-8487)
2015-06-09 00:00:00
openvas
openvas
Zarafa Collaboration Platform Arbitrary File Access Vulnerability
2015-07-03 00:00:00
Fedora Update for zarafa FEDORA-2015-8479
2015-06-09 00:00:00
Fedora Update for zarafa FEDORA-2015-8487
2015-06-09 00:00:00
nvd
nvd
CVE-2015-3436
2015-06-09 14:59:02
cvelist
cvelist
CVE-2015-3436
2015-06-09 14:00:00
prion
prion
Code injection
2015-06-09 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: zarafa-7.1.12-2.fc20
2015-06-05 23:41:43
[SECURITY] Fedora 21 Update: zarafa-7.1.12-2.fc21
2015-06-05 23:48:16
6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2015-3436