5
CVE-2013-1364
- EPSS 2.17%
- Veröffentlicht 14.12.2013 17:21:45
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.17% | 0.799 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/55824
http://security.gentoo.org/glsa/glsa-201311-15.xml
http://www.securityfocus.com/bid/57471
http://www.zabbix.com/rn1.8.16.php
http://www.zabbix.com/rn2.0.5rc1.php
https://support.zabbix.com/browse/ZBX-6097