What is the severity of CVE-2014-1682?

CVE-2014-1682 is classified as a medium severity vulnerability.

How do I fix CVE-2014-1682?

To fix CVE-2014-1682, upgrade Zabbix to version 1.8.20rc1, 2.0.11rc1, or 2.2.2rc1 or later.

Who is affected by CVE-2014-1682?

Remote authenticated users of Zabbix versions prior to 1.8.20rc1, 2.0.11rc1, and 2.2.2rc1 are affected by CVE-2014-1682.

What type of attack is possible with CVE-2014-1682?

CVE-2014-1682 allows remote authenticated users to spoof arbitrary users through the user name in a user.login request.

Can I exploit CVE-2014-1682 without authentication?

No, exploitation of CVE-2014-1682 requires prior authentication as a user.

Vulnerability/
CVE-2014-1682

medium

CWE

287

8/5/2014

6/8/2024

CVE-2014-1682

First published: Thu May 08 2014(Updated: )

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zabbix Server	<=1.8.19
Zabbix Server	=1.8
Zabbix Server	=1.8.1
Zabbix Server	=1.8.2
Zabbix Server	=1.8.3-rc1
Zabbix Server	=1.8.3-rc2
Zabbix Server	=1.8.3-rc3
Zabbix Server	=1.8.15-rc1
Zabbix Server	=1.8.16
Zabbix Server	=1.8.18
Zabbix Server	=2.0.0
Zabbix Server	=2.0.0-rc1
Zabbix Server	=2.0.0-rc2
Zabbix Server	=2.0.0-rc3
Zabbix Server	=2.0.0-rc4
Zabbix Server	=2.0.0-rc5
Zabbix Server	=2.0.0-rc6
Zabbix Server	=2.0.1
Zabbix Server	=2.0.1-rc1
Zabbix Server	=2.0.1-rc2
Zabbix Server	=2.0.2
Zabbix Server	=2.0.2-rc1
Zabbix Server	=2.0.2-rc2
Zabbix Server	=2.0.3
Zabbix Server	=2.0.3-rc1
Zabbix Server	=2.0.3-rc2
Zabbix Server	=2.0.4
Zabbix Server	=2.0.4-rc1
Zabbix Server	=2.0.5
Zabbix Server	=2.0.5-rc1
Zabbix Server	=2.0.6
Zabbix Server	=2.0.6-rc1
Zabbix Server	=2.0.7-rc1
Zabbix Server	=2.0.8-rc1
Zabbix Server	=2.0.8-rc2
Zabbix Server	=2.0.9-rc1
Zabbix Server	=2.0.9-rc2
Zabbix Server	=2.0.10-rc1
Zabbix Server	=2.2.0
Zabbix Server	=2.2.0-rc1
Zabbix Server	=2.2.0-rc2
Zabbix Server	=2.2.1
Zabbix Server	=2.2.1
Zabbix Server	=2.2.1-rc1
Fedora	=19
Fedora	=20

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-1682?
CVE-2014-1682 is classified as a medium severity vulnerability.
How do I fix CVE-2014-1682?
To fix CVE-2014-1682, upgrade Zabbix to version 1.8.20rc1, 2.0.11rc1, or 2.2.2rc1 or later.
Who is affected by CVE-2014-1682?
Remote authenticated users of Zabbix versions prior to 1.8.20rc1, 2.0.11rc1, and 2.2.2rc1 are affected by CVE-2014-1682.
What type of attack is possible with CVE-2014-1682?
CVE-2014-1682 allows remote authenticated users to spoof arbitrary users through the user name in a user.login request.
Can I exploit CVE-2014-1682 without authentication?
No, exploitation of CVE-2014-1682 requires prior authentication as a user.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zabbix
canonical/zabbix server
version/zabbix server/1.8.19
version/zabbix server/1.8
version/zabbix server/1.8.1
version/zabbix server/1.8.2
version/zabbix server/1.8.3-rc1
version/zabbix server/1.8.3-rc2
version/zabbix server/1.8.3-rc3
version/zabbix server/1.8.15-rc1
version/zabbix server/1.8.16
version/zabbix server/1.8.18
version/zabbix server/2.0.0
version/zabbix server/2.0.0-rc1
version/zabbix server/2.0.0-rc2
version/zabbix server/2.0.0-rc3
version/zabbix server/2.0.0-rc4
version/zabbix server/2.0.0-rc5
version/zabbix server/2.0.0-rc6
version/zabbix server/2.0.1
version/zabbix server/2.0.1-rc1
version/zabbix server/2.0.1-rc2
version/zabbix server/2.0.2
version/zabbix server/2.0.2-rc1
version/zabbix server/2.0.2-rc2
version/zabbix server/2.0.3
version/zabbix server/2.0.3-rc1
version/zabbix server/2.0.3-rc2
version/zabbix server/2.0.4
version/zabbix server/2.0.4-rc1
version/zabbix server/2.0.5
version/zabbix server/2.0.5-rc1
version/zabbix server/2.0.6
version/zabbix server/2.0.6-rc1
version/zabbix server/2.0.7-rc1
version/zabbix server/2.0.8-rc1
version/zabbix server/2.0.8-rc2
version/zabbix server/2.0.9-rc1
version/zabbix server/2.0.9-rc2
version/zabbix server/2.0.10-rc1
version/zabbix server/2.2.0
version/zabbix server/2.2.0-rc1
version/zabbix server/2.2.0-rc2
version/zabbix server/2.2.1
version/zabbix server/2.2.1-rc1
vendor/fedoraproject
canonical/fedora
version/fedora/19
version/fedora/20