CVE-2014-0079
CVE-2014-0079 is a medium-severity vulnerability in Zarafa with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (76th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Zarafa
- Published:
- Last modified:
Description
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Frequently asked questions
- What is CVE-2014-0079?
- The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
- How severe is CVE-2014-0079?
- CVE-2014-0079 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2014-0079 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (76th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-0079?
- CVE-2014-0079 primarily affects Zarafa. In total, 15 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2014-0079?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-0079 published?
- CVE-2014-0079 was published on 2014-04-28 and last updated on 2026-06-17.
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:044
- https://bugzilla.redhat.com/show_bug.cgi?id=1059903
Affected products (15)
- cpe:2.3:a:zarafa:zarafa:*:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.00:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.20:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:6.00:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:6.01:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:6.02:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:6.03:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:6.10:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:6.11:*:*:*:*:*:*:*
- cpe:2.3:a:zarafa:zarafa:7.1.8:*:*:*:*:*:*:*
More vulnerabilities in Zarafa
- CVE-2021-28994 — High (CVSS 7.5): kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and…
- CVE-2014-0037 — Medium (CVSS 5.0): The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote…
- CVE-2014-5448 — Low (CVSS 2.1): Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain…
- CVE-2014-5447 — Low (CVSS 2.1): Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to…
- CVE-2014-0103 — Low (CVSS 2.1): WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache…
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →