Main Vulnerability Database Vulnerabilities #VU33853

Input validation error - CVE-2014-1685

Published: May 8, 2014 / Updated: August 4, 2020

Vulnerability identifier: #VU33853

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-1685

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote #AU# to manipulate or delete data.

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

How to mitigate CVE-2014-1685

Install update from vendor's website.

Sources

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
https://support.zabbix.com/browse/ZBX-7693

Input validation error - CVE-2014-1685

Detailed vulnerability description

How to mitigate CVE-2014-1685

Sources

Please verify you're human