PT-2014-4290 · Zabbix+1

Vitaly Shupak · Published 2014-02-13 · Updated 2014-05-09 · CVE-2014-1682

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Zabbix versions prior to 1.8.20rc1
Zabbix versions 2.0.x prior to 2.0.11rc1
Zabbix versions 2.2.x prior to 2.2.2rc1

Description

The issue allows remote authenticated users to spoof arbitrary users via the user name in a "user.login" request.

Recommendations

For versions prior to 1.8.20rc1, update to version 1.8.20rc1 or later.
For versions 2.0.x prior to 2.0.11rc1, update to version 2.0.11rc1 or later.
For versions 2.2.x prior to 2.2.2rc1, update to version 2.2.2rc1 or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1190
CVE-2014-1682
MGASA-2014-0095

Affected Products

Alt Linux
Zabbix