CVE-2014-1682

EPSS 0.25%
Published 08.05.2014 14:29:14
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Zabbix ≫ Zabbix Version <= 1.8.19

Zabbix ≫ Zabbix Version1.8

Zabbix ≫ Zabbix Version1.8.1

Zabbix ≫ Zabbix Version1.8.2

Zabbix ≫ Zabbix Version1.8.3 Updaterc1

Zabbix ≫ Zabbix Version1.8.3 Updaterc2

Zabbix ≫ Zabbix Version1.8.3 Updaterc3

Zabbix ≫ Zabbix Version1.8.15 Updaterc1

Zabbix ≫ Zabbix Version1.8.16

Zabbix ≫ Zabbix Version1.8.18

Zabbix ≫ Zabbix Version2.0.0

Zabbix ≫ Zabbix Version2.0.0 Updaterc1

Zabbix ≫ Zabbix Version2.0.0 Updaterc2

Zabbix ≫ Zabbix Version2.0.0 Updaterc3

Zabbix ≫ Zabbix Version2.0.0 Updaterc4

Zabbix ≫ Zabbix Version2.0.0 Updaterc5

Zabbix ≫ Zabbix Version2.0.0 Updaterc6

Zabbix ≫ Zabbix Version2.0.1

Zabbix ≫ Zabbix Version2.0.1 Updaterc1

Zabbix ≫ Zabbix Version2.0.1 Updaterc2

Zabbix ≫ Zabbix Version2.0.2

Zabbix ≫ Zabbix Version2.0.2 Updaterc1

Zabbix ≫ Zabbix Version2.0.2 Updaterc2

Zabbix ≫ Zabbix Version2.0.3

Zabbix ≫ Zabbix Version2.0.3 Updaterc1

Zabbix ≫ Zabbix Version2.0.3 Updaterc2

Zabbix ≫ Zabbix Version2.0.4

Zabbix ≫ Zabbix Version2.0.4 Updaterc1

Zabbix ≫ Zabbix Version2.0.5

Zabbix ≫ Zabbix Version2.0.5 Updaterc1

Zabbix ≫ Zabbix Version2.0.6

Zabbix ≫ Zabbix Version2.0.6 Updaterc1

Zabbix ≫ Zabbix Version2.0.7 Updaterc1

Zabbix ≫ Zabbix Version2.0.8 Updaterc1

Zabbix ≫ Zabbix Version2.0.8 Updaterc2

Zabbix ≫ Zabbix Version2.0.9 Updaterc1

Zabbix ≫ Zabbix Version2.0.9 Updaterc2

Zabbix ≫ Zabbix Version2.0.10 Updaterc1

Zabbix ≫ Zabbix Version2.2.0 Update-

Zabbix ≫ Zabbix Version2.2.0 Updaterc1

Zabbix ≫ Zabbix Version2.2.0 Updaterc2

Zabbix ≫ Zabbix Version2.2.1

Zabbix ≫ Zabbix Version2.2.1 Update-

Zabbix ≫ Zabbix Version2.2.1 Updaterc1

Fedoraproject ≫ Fedora Version19

Fedoraproject ≫ Fedora Version20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html

http://www.securityfocus.com/bid/65402

https://support.zabbix.com/browse/ZBX-7703

https://nvd.nist.gov/vuln/detail/CVE-2014-1682

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1682

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1682

EUVD