5.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.01 Low
EPSS
Percentile
83.4%
Updated zabbix packages fix security vulnerabilities: Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code (CVE-2013-5572). Zabbix before 2.0.11 allows switching users without proper credentials when using HTTP authentication (CVE-2014-1682). In Zabbix before 2.0.11, the admin user is able to update media for other users (CVE-2014-1685).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | zabbix | < 2.0.11-1 | zabbix-2.0.11-1.mga3 |
Mageia | 4 | noarch | zabbix | < 2.0.11-1 | zabbix-2.0.11-1.mga4 |