CVE-2014-0103

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

Published: Jul 29, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0103
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
zarafa / zarafa	7.1.1	7.1.1.x
zarafa / zarafa	7.1.3	7.1.3.x
zarafa / zarafa	7.1.4	7.1.4.x
zarafa / zarafa	7.0.1	7.0.1.x
zarafa / webapp	-	1.5.x
zarafa / zarafa	7.0.13	7.0.13.x
zarafa / zarafa	7.0	7.0.x
zarafa / zarafa	7.0.10	7.0.10.x
zarafa / zarafa	7.0.8	7.0.8.x
zarafa / zarafa	7.0.6	7.0.6.x
zarafa / zarafa	7.0.5	7.0.5.x
zarafa / zarafa	7.0.7	7.0.7.x
fedoraproject / fedora	20	20.x
zarafa / zarafa	7.0.2	7.0.2.x
zarafa / zarafa	7.1.0	7.1.0.x
zarafa / zarafa	7.1.2	7.1.2.x
zarafa / zarafa	7.0.12	7.0.12.x
zarafa / zarafa	7.0.11	7.0.11.x
zarafa / zarafa	7.0.3	7.0.3.x
zarafa / zarafa	-	7.1.9.x
zarafa / zarafa	7.0.4	7.0.4.x
fedoraproject / fedora	19	19.x
zarafa / zarafa	7.0.9	7.0.9.x
zarafa / zarafa	7.1.8	7.1.8.x

Vulnerability Database

CVE-2014-0103