Lucene search
HistoryJun 09, 2015 - 2:59 p.m.
CVE-2015-3436
zarafa collaboration platform
zcp
cve-2015-3436
symlink attack
security vulnerability
file writing vulnerability
6.2 Medium
AI Score
Confidence
Low
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
References
Social References
More
Related
nessus
nessus
Fedora 20 : zarafa-7.1.12-2.fc20 (2015-8479)
2015-06-09 00:00:00
Fedora 21 : zarafa-7.1.12-2.fc21 (2015-8487)
2015-06-09 00:00:00
openvas
openvas
Zarafa Collaboration Platform Arbitrary File Access Vulnerability
2015-07-03 00:00:00
Fedora Update for zarafa FEDORA-2015-8479
2015-06-09 00:00:00
Fedora Update for zarafa FEDORA-2015-8487
2015-06-09 00:00:00
cvelist
cvelist
CVE-2015-3436
2015-06-09 14:00:00
prion
prion
Code injection
2015-06-09 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: zarafa-7.1.12-2.fc20
2015-06-05 23:41:43
[SECURITY] Fedora 21 Update: zarafa-7.1.12-2.fc21
2015-06-05 23:48:16
6.2 Medium
AI Score
Confidence
Low
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2015-3436