CVE-2014-5448

low

Published 2014-10-20 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
zarafa	zarafa	`5.00`

References

http://advisories.mageia.org/MGASA-2014-0380.html
http://seclists.org/oss-sec/2014/q3/444
http://seclists.org/oss-sec/2014/q3/445
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://www.securityfocus.com/bid/69365
https://exchange.xforce.ibmcloud.com/vulnerabilities/95452
http://advisories.mageia.org/MGASA-2014-0380.html
http://seclists.org/oss-sec/2014/q3/444
http://seclists.org/oss-sec/2014/q3/445
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
http://www.securityfocus.com/bid/69365
https://exchange.xforce.ibmcloud.com/vulnerabilities/95452

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.