CVE-2014-1682
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0025 (0.3%)
Percentil: 48.5%
EPSS: 2026-05-06
Afecta
zabbix:zabbixfedoraproject:fedoraDescripción técnica
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
Publicada: 8/5/2014, 14:29:14
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
- http://www.securityfocus.com/bid/65402
- https://support.zabbix.com/browse/ZBX-7703
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
- http://www.securityfocus.com/bid/65402
- https://support.zabbix.com/browse/ZBX-7703