4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
61.9%
Multiple security issues (cross-site scripting, missing input sanitizing
and SQL injection) have been discovered in Cacti, a web interface for
graphing of monitoring systems.
Furthermore, the fix for CVE-2014-4002 in the previous security update
has been brought in-line with the upstream fix as it caused a
regression for people using the plug-in system.
For Debian 6 Squeeze, these issues have been fixed in cacti version 0.8.7g-1+squeeze5
CPE | Name | Operator | Version |
---|---|---|---|
cacti | eq | 0.8.7g-1 | |
cacti | eq | 0.8.7g-1+squeeze1 | |
cacti | eq | 0.8.7g-1+squeeze2 | |
cacti | eq | 0.8.7g-1+squeeze3 | |
cacti | eq | 0.8.7g-1+squeeze4 |