vulnerability

Debian: CVE-2019-15132: zabbix -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 17, 2019	Apr 23, 2021	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 17, 2019

Added

Apr 23, 2021

Modified

Aug 15, 2025

Description

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Solution

debian-upgrade-zabbix

References

CVE-2019-15132
https://attackerkb.com/topics/CVE-2019-15132
CWE-203
DEBIAN-DLA-2631-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today