CVE-2014-1682

EPSS 0.25%
Veröffentlicht 08.05.2014 14:29:14
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zabbix ≫ Zabbix Version <= 1.8.19

Zabbix ≫ Zabbix Version1.8

Zabbix ≫ Zabbix Version1.8.1

Zabbix ≫ Zabbix Version1.8.2

Zabbix ≫ Zabbix Version1.8.3 Updaterc1

Zabbix ≫ Zabbix Version1.8.3 Updaterc2

Zabbix ≫ Zabbix Version1.8.3 Updaterc3

Zabbix ≫ Zabbix Version1.8.15 Updaterc1

Zabbix ≫ Zabbix Version1.8.16

Zabbix ≫ Zabbix Version1.8.18

Zabbix ≫ Zabbix Version2.0.0

Zabbix ≫ Zabbix Version2.0.0 Updaterc1

Zabbix ≫ Zabbix Version2.0.0 Updaterc2

Zabbix ≫ Zabbix Version2.0.0 Updaterc3

Zabbix ≫ Zabbix Version2.0.0 Updaterc4

Zabbix ≫ Zabbix Version2.0.0 Updaterc5

Zabbix ≫ Zabbix Version2.0.0 Updaterc6

Zabbix ≫ Zabbix Version2.0.1

Zabbix ≫ Zabbix Version2.0.1 Updaterc1

Zabbix ≫ Zabbix Version2.0.1 Updaterc2

Zabbix ≫ Zabbix Version2.0.2

Zabbix ≫ Zabbix Version2.0.2 Updaterc1

Zabbix ≫ Zabbix Version2.0.2 Updaterc2

Zabbix ≫ Zabbix Version2.0.3

Zabbix ≫ Zabbix Version2.0.3 Updaterc1

Zabbix ≫ Zabbix Version2.0.3 Updaterc2

Zabbix ≫ Zabbix Version2.0.4

Zabbix ≫ Zabbix Version2.0.4 Updaterc1

Zabbix ≫ Zabbix Version2.0.5

Zabbix ≫ Zabbix Version2.0.5 Updaterc1

Zabbix ≫ Zabbix Version2.0.6

Zabbix ≫ Zabbix Version2.0.6 Updaterc1

Zabbix ≫ Zabbix Version2.0.7 Updaterc1

Zabbix ≫ Zabbix Version2.0.8 Updaterc1

Zabbix ≫ Zabbix Version2.0.8 Updaterc2

Zabbix ≫ Zabbix Version2.0.9 Updaterc1

Zabbix ≫ Zabbix Version2.0.9 Updaterc2

Zabbix ≫ Zabbix Version2.0.10 Updaterc1

Zabbix ≫ Zabbix Version2.2.0 Update-

Zabbix ≫ Zabbix Version2.2.0 Updaterc1

Zabbix ≫ Zabbix Version2.2.0 Updaterc2

Zabbix ≫ Zabbix Version2.2.1

Zabbix ≫ Zabbix Version2.2.1 Update-

Zabbix ≫ Zabbix Version2.2.1 Updaterc1

Fedoraproject ≫ Fedora Version19

Fedoraproject ≫ Fedora Version20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html

http://www.securityfocus.com/bid/65402

https://support.zabbix.com/browse/ZBX-7703

https://nvd.nist.gov/vuln/detail/CVE-2014-1682

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1682

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1682

EUVD