Zarafa Webaccess vulnerabilities
2 known vulnerabilities affecting zarafa/webaccess.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2019-7219P3MEDIUMCVSS 6.1PoCv7.2.0-482042019-04-11
CVE-2019-7219 [MEDIUM] CWE-79 CVE-2019-7219: Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
nvd
CVE-2014-5449P4LOWCVSS 2.1v4.12014-10-20
CVE-2014-5449 [LOW] CWE-200 CVE-2014-5449: Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
nvd