CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3005

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile26.75th
PublishedFeb 1, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Affected Platforms (CPE)

πŸ“¦
Zabbix

Zabbix

= 1.8
πŸ“¦
Zabbix

Zabbix

= 1.8.1
πŸ“¦
Zabbix

Zabbix

= 1.8.2
πŸ“¦
Zabbix

Zabbix

= 1.8.3
πŸ“¦
Zabbix

Zabbix

= 1.8.4
πŸ“¦
Zabbix

Zabbix

= 1.8.5
πŸ“¦
Zabbix

Zabbix

= 1.8.6
πŸ“¦
Zabbix

Zabbix

= 1.8.7
πŸ“¦
Zabbix

Zabbix

= 1.8.8
πŸ“¦
Zabbix

Zabbix

= 1.8.9
πŸ“¦
Zabbix

Zabbix

= 1.8.10
πŸ“¦
Zabbix

Zabbix

= 1.8.11
πŸ“¦
Zabbix

Zabbix

= 1.8.12
πŸ“¦
Zabbix

Zabbix

= 1.8.13
πŸ“¦
Zabbix

Zabbix

= 1.8.14
πŸ“¦
Zabbix

Zabbix

= 1.8.15
πŸ“¦
Zabbix

Zabbix

= 1.8.16
πŸ“¦
Zabbix

Zabbix

= 1.8.17
πŸ“¦
Zabbix

Zabbix

= 1.8.18
πŸ“¦
Zabbix

Zabbix

= 1.8.19
πŸ“¦
Zabbix

Zabbix

= 1.8.20
πŸ“¦
Zabbix

Zabbix

= 2.0.0
πŸ“¦
Zabbix

Zabbix

= 2.0.1
πŸ“¦
Zabbix

Zabbix

= 2.0.2
πŸ“¦
Zabbix

Zabbix

= 2.0.3
πŸ“¦
Zabbix

Zabbix

= 2.0.4
πŸ“¦
Zabbix

Zabbix

= 2.0.5
πŸ“¦
Zabbix

Zabbix

= 2.0.6
πŸ“¦
Zabbix

Zabbix

= 2.0.7
πŸ“¦
Zabbix

Zabbix

= 2.0.8
πŸ“¦
Zabbix

Zabbix

= 2.0.9
πŸ“¦
Zabbix

Zabbix

= 2.0.10
πŸ“¦
Zabbix

Zabbix

= 2.0.11
πŸ“¦
Zabbix

Zabbix

= 2.0.12
πŸ“¦
Zabbix

Zabbix

= 2.2.0
πŸ“¦
Zabbix

Zabbix

= 2.2.1
πŸ“¦
Zabbix

Zabbix

= 2.2.2
πŸ“¦
Zabbix

Zabbix

= 2.2.3
πŸ“¦
Zabbix

Zabbix

= 2.2.4
πŸ“¦
Zabbix

Zabbix

= 2.3.0
πŸ“¦
Zabbix

Zabbix

= 2.3.1
πŸ’»
Fedoraproject

Fedora

= 19
πŸ’»
Fedoraproject

Fedora

= 20

References & Advisories

πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html
πŸ”— http://seclists.org/fulldisclosure/2014/Jun/87
πŸ”— http://www.securityfocus.com/bid/68075
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1110496
πŸ”— https://support.zabbix.com/browse/ZBX-8151
πŸ”— https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html

Related Vulnerabilities

CVE-2007-064010.0

Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

CVE-2013-57439.8

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

CVE-2020-118009.8

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

CVE-2013-37389.8

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which coul...