vulnerability

Debian: CVE-2019-15132: zabbix -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	2019-08-17	2021-04-23	2021-04-23

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

2019-08-17

Added

2021-04-23

Modified

2021-04-23

Description

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Solution

debian-upgrade-zabbix

References

CVE-2019-15132
https://attackerkb.com/topics/CVE-2019-15132
DEBIAN-DLA-2631-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today