CVE-2014-1682

Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 1.8.20rc1 Zabbix versions 2.0.x prior to 2.0.11rc1 Zabbix versions 2.2.x prior to 2.2.2rc1

Description The issue allows remote authenticated users to spoof arbitrary users via the user name in a "user.login" request.

Recommendations For versions prior to 1.8.20rc1, update to version 1.8.20rc1 or later. For versions 2.0.x prior to 2.0.11rc1, update to version 2.0.11rc1 or later. For versions 2.2.x prior to 2.2.2rc1, update to version 2.2.2rc1 or later.