Arbitrary File Write Vulnerability in Zarafa Collaboration Platform

Arbitrary File Write Vulnerability in Zarafa Collaboration Platform

CVE-2015-3436 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:C/A:C

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.

Learn more about our Cis Benchmark Audit For Server Software.