5.3

CVE-2019-15132

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZabbixZabbix Version <= 4.0.26
ZabbixZabbix Version >= 5.0.0 <= 5.0.5
ZabbixZabbix Version >= 5.2.0 <= 5.2.1
ZabbixZabbix Version4.4.0 Updatealpha1
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.785
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html
https://support.zabbix.com/browse/ZBX-16532
Vendor Advisory