Lucene search
HistoryJun 09, 2015 - 2:59 p.m.
CVE-2015-3436
CVSS2
6.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Affected configurations
Node
zarafazarafa_collaboration_platformRange≤7.1.12
ORzarafazarafa_collaboration_platformMatch7.2.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zarafa | zarafa_collaboration_platform | * | cpe:2.3:a:zarafa:zarafa_collaboration_platform:*:*:*:*:*:*:*:* |
| zarafa | zarafa_collaboration_platform | 7.2.0 | cpe:2.3:a:zarafa:zarafa_collaboration_platform:7.2.0:*:*:*:*:*:*:* |
Related
openvas
openvas
Zarafa Collaboration Platform Arbitrary File Access Vulnerability
2015-07-03 00:00:00
Fedora Update for zarafa FEDORA-2015-8479
2015-06-09 00:00:00
Fedora Update for zarafa FEDORA-2015-8487
2015-06-09 00:00:00
cve
cve
CVE-2015-3436
2015-06-09 14:59:02
nessus
nessus
Fedora 20 : zarafa-7.1.12-2.fc20 (2015-8479)
2015-06-09 00:00:00
Fedora 21 : zarafa-7.1.12-2.fc21 (2015-8487)
2015-06-09 00:00:00
cvelist
cvelist
CVE-2015-3436
2015-06-09 14:00:00
prion
prion
Code injection
2015-06-09 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: zarafa-7.1.12-2.fc20
2015-06-05 23:41:43
[SECURITY] Fedora 21 Update: zarafa-7.1.12-2.fc21
2015-06-05 23:48:16
CVSS2
6.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2015-3436