Vulnerabilities > Zarafa > Zarafa > 6.20.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-07-29 | CVE-2014-0103 | Cryptographic Issues vulnerability in multiple products WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | 2.1 |
2014-04-28 | CVE-2014-0037 | Improper Input Validation vulnerability in Zarafa The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username." | 5.0 |