CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
zabbixzabbix
𝑥
≤ 1.8.19
zabbixzabbix
1.8
zabbixzabbix
1.8.1
zabbixzabbix
1.8.2
zabbixzabbix
1.8.3:rc1
zabbixzabbix
1.8.3:rc2
zabbixzabbix
1.8.3:rc3
zabbixzabbix
1.8.15:rc1
zabbixzabbix
1.8.16
zabbixzabbix
1.8.18
zabbixzabbix
2.0.0
zabbixzabbix
2.0.0:rc1
zabbixzabbix
2.0.0:rc2
zabbixzabbix
2.0.0:rc3
zabbixzabbix
2.0.0:rc4
zabbixzabbix
2.0.0:rc5
zabbixzabbix
2.0.0:rc6
zabbixzabbix
2.0.1
zabbixzabbix
2.0.1:rc1
zabbixzabbix
2.0.1:rc2
zabbixzabbix
2.0.2
zabbixzabbix
2.0.2:rc1
zabbixzabbix
2.0.2:rc2
zabbixzabbix
2.0.3
zabbixzabbix
2.0.3:rc1
zabbixzabbix
2.0.3:rc2
zabbixzabbix
2.0.4
zabbixzabbix
2.0.4:rc1
zabbixzabbix
2.0.5
zabbixzabbix
2.0.5:rc1
zabbixzabbix
2.0.6
zabbixzabbix
2.0.6:rc1
zabbixzabbix
2.0.7:rc1
zabbixzabbix
2.0.8:rc1
zabbixzabbix
2.0.8:rc2
zabbixzabbix
2.0.9:rc1
zabbixzabbix
2.0.9:rc2
zabbixzabbix
2.0.10:rc1
zabbixzabbix
2.2.0
zabbixzabbix
2.2.0:rc1
zabbixzabbix
2.2.0:rc2
zabbixzabbix
2.2.1
zabbixzabbix
2.2.1
zabbixzabbix
2.2.1:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bullseye
1:5.0.8+dfsg-1
fixed
bullseye (security)
1:5.0.44+dfsg-1+deb11u1
fixed
bookworm
1:6.0.14+dfsg-1
fixed
trixie
1:7.0.3+dfsg-1
fixed
sid
1:7.0.5+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zabbix
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
http://www.securityfocus.com/bid/65402
https://support.zabbix.com/browse/ZBX-7703
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
http://www.securityfocus.com/bid/65402
https://support.zabbix.com/browse/ZBX-7703