cbcvebase.
CVE-2013-5572
published 2013-10-01

Priority: P4 (24, low)
CVSS 2.0: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
EXPLOIT
EPSS: 4.11% (89.5th percentile)

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | zabbix | < zabbix 1:2.2.2+dfsg-1 (bookworm) | zabbix 1:2.2.2+dfsg-1 (bookworm) |
| zabbix | zabbix | | |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1 | 1:2.2.2+dfsg-1 |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1 | 1:2.2.2+dfsg-1 |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1 | 1:2.2.2+dfsg-1 |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1 | 1:2.2.2+dfsg-1 |

CVSS provenance

nvd: v2.0, 3.5 LOW, AV:N/AC:M/Au:S/C:P/I:N/A:N
osv: 3.5 LOW
vendor_debian: 3.5 LOW