All errata/t6/ALT-PU-2014-1207-1
ALT-PU-2014-1207-1

Package update zabbix in branch t6

Version1.8.20-alt0.M60P.1
Task#114685
Published2014-02-18
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2014-1682
MEDIUM4.0

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Published: 2014-05-08Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N
References
CVE-2014-1685
MEDIUM5.5

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

Published: 2014-05-08Modified: 2025-04-12
CVSS 2.0MEDIUM 5.5
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P
References