provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) prior to 7.1.13 and 7.2.x prior to 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zarafa zarafa collaboration platform 7.2.0 |
||
zarafa zarafa collaboration platform |