CVE-2014-1685 — Zabbix vulnerability

6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 39.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix Fedoraproject Fedora

Timeline

PublishedMay 8

Latest updateMay 17

Description

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:2.2.2+dfsg-1 (bookworm)

▶Debianzabbix/zabbix< 1:2.2.2+dfsg-1+3

▶NVDzabbix/zabbix1.8.19+20

Also affects: Fedora 19, 20

🔴Vulnerability Details

GHSA

GHSA-8jhf-8qjr-8c39: The Frontend in Zabbix before 1↗2022-05-17

▶

OSV

CVE-2014-1685: The Frontend in Zabbix before 1↗2014-05-08

▶

📋Vendor Advisories

Debian

CVE-2014-1685: zabbix - The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x befor...↗2014

▶

💬Community

Bugzilla

CVE-2014-1685 zabbix22: zabbix: unauthorized modification of user media via Zabbix Admin users [epel-6]↗2014-05-08

▶

Bugzilla

CVE-2014-1685 zabbix: unauthorized modification of user media via Zabbix Admin users↗2014-05-08

▶