CVE-2014-5450: Infoleak
First published: Mon Mar 19 2018(Updated: )
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zarafa Collaboration Platform | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html
- http://www.openwall.com/lists/oss-security/2014/08/25/1
- http://www.securityfocus.com/bid/69370
- https://bugzilla.redhat.com/show_bug.cgi?id=1133439
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95454
Frequently Asked Questions
What is the severity of CVE-2014-5450?
CVE-2014-5450 is considered a moderate severity vulnerability due to the exposure of sensitive information.
How do I fix CVE-2014-5450?
To fix CVE-2014-5450, change the permissions of the /etc/zarafa/license file to restrict access.
What information can be exposed due to CVE-2014-5450?
CVE-2014-5450 allows local users to read sensitive license information stored in the zarafa license file.
Which software is affected by CVE-2014-5450?
CVE-2014-5450 specifically affects Zarafa Collaboration Platform version 4.1.
Can CVE-2014-5450 be exploited remotely?
No, CVE-2014-5450 requires local access to exploit the vulnerability.
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/description
- vendor/zarafa
- canonical/zarafa collaboration platform
- version/zarafa collaboration platform/4.1