Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2014-1682
Last Modified: 09 May 2014 12:41:18
Published: 08 May 2014 10:29:14
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-1682

Summary

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 19

  • Fedoraproject Fedora 20

Application

  • Zabbix 1.8

  • Zabbix 1.8.1

  • Zabbix 1.8.15

  • Zabbix 1.8.16

  • Zabbix 1.8.18

  • Zabbix 1.8.19

  • Zabbix 1.8.2

  • Zabbix 1.8.3

  • Zabbix 2.0.0

  • Zabbix 2.0.1

  • Zabbix 2.0.10

  • Zabbix 2.0.2

  • Zabbix 2.0.3

  • Zabbix 2.0.4

  • Zabbix 2.0.5

  • Zabbix 2.0.6

  • Zabbix 2.0.7

  • Zabbix 2.0.8

  • Zabbix 2.0.9

  • Zabbix 2.2.0

  • Zabbix 2.2.1


References

CONFIRM - https://support.zabbix.com/browse/ZBX-7703

BID - 65402

FEDORA - FEDORA-2014-5540

FEDORA - FEDORA-2014-5551


Last Updated: 27 May 2016 11:05:15