Zabbix · Zabbix · CVE-2014-1682
**Name of the Vulnerable Software and Affected Versions**
Zabbix versions prior to 1.8.20rc1
Zabbix versions 2.0.x prior to 2.0.11rc1
Zabbix versions 2.2.x prior to 2.2.2rc1
**Description**
The issue allows remote authenticated users to spoof arbitrary users via the `user name` in a "user.login" request.
**Recommendations**
For versions prior to 1.8.20rc1, update to version 1.8.20rc1 or later.
For versions 2.0.x prior to 2.0.11rc1, update to version 2.0.11rc1 or later.
For versions 2.2.x prior to 2.2.2rc1, update to version 2.2.2rc1 or later.