Test ID:	1.3.6.1.4.1.25623.1.0.805708
Category:	Web application abuses
Title:	Zarafa Collaboration Platform Arbitrary File Access Vulnerability
Summary:	Zarafa Collaboration Platform is prone to an arbitrary file access vulnerability.
Description:	Summary: Zarafa Collaboration Platform is prone to an arbitrary file access vulnerability. Vulnerability Insight: The flaw is due to 'provider/server/ECServer.cpp' allows local users to write to arbitrary files via a symlink attack on '/tmp/zarafa-upgrade-lock' Vulnerability Impact: Successful exploitation will allow an attacker to retrieve or delete arbitrary files, which may aid in further attacks. Affected Software/OS: Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 Solution: Upgrade to 7.1.13 or 7.2.1 or later. CVSS Score: 6.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3436 BugTraq ID: 75104 http://www.securityfocus.com/bid/75104 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.