The API in Zabbix prior to 1.8.20rc1, 2.0.x prior to 2.0.11rc1, and 2.2.x prior to 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zabbix zabbix 2.0.2 |
||
zabbix zabbix 2.0.3 |
||
zabbix zabbix 2.0.7 |
||
zabbix zabbix 2.0.8 |
||
zabbix zabbix 2.2.0 |
||
zabbix zabbix 2.2.1 |
||
zabbix zabbix 2.0.0 |
||
zabbix zabbix 2.0.1 |
||
zabbix zabbix 2.0.5 |
||
zabbix zabbix 1.8 |
||
zabbix zabbix 1.8.3 |
||
zabbix zabbix 2.0.9 |
||
zabbix zabbix 2.0.10 |
||
zabbix zabbix 2.0.4 |
||
fedoraproject fedora 19 |
||
fedoraproject fedora 20 |
||
zabbix zabbix 2.0.6 |
||
zabbix zabbix 1.8.15 |
||
zabbix zabbix 1.8.16 |
||
zabbix zabbix 1.8.18 |
||
zabbix zabbix |
||
zabbix zabbix 1.8.1 |
||
zabbix zabbix 1.8.2 |