Known Vulnerabilities for products from Zarafa
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Zarafa".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-28994 json | kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x ... | 7.5 - HIGH | 2021-03-31 | 2022-07-12 |
| CVE-2019-7219 json | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discont... | 6.1 - MEDIUM | 2019-04-11 | 2019-04-26 |
| CVE-2015-6566 json | zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink at... | Not Provided | 2016-01-11 | 2026-05-06 |
| CVE-2015-3436 json | provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users t... | Not Provided | 2015-06-09 | 2026-05-06 |
| CVE-2014-9465 json | senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 be... | Not Provided | 2015-02-19 | 2026-05-06 |
| CVE-2014-5450 json | Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain... | 5.5 - MEDIUM | 2018-03-19 | 2018-04-20 |
| CVE-2014-5449 json | Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local user... | Not Provided | 2014-10-20 | 2026-05-06 |
| CVE-2014-5448 json | Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive ... | Not Provided | 2014-10-20 | 2026-05-06 |
| CVE-2014-5447 json | Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain se... | Not Provided | 2014-10-20 | 2026-05-06 |
| CVE-2014-0103 json | WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to o... | Not Provided | 2014-07-29 | 2026-05-06 |
| CVE-2014-0079 json | The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain b... | Not Provided | 2014-04-28 | 2026-05-06 |
| CVE-2014-0037 json | The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers ... | Not Provided | 2014-04-28 | 2026-05-06 |
Known software with vulnerabilities from Zarafa
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zarafa | Webaccess | 7.2.0-48204 |
| Application | Zarafa | Webapp | 1.5 |
| Application | Zarafa | Zarafa | 5.00 |
| Application | Zarafa | Zarafa Collaboration Platform | 4.1 |