vulnerability

Debian: CVE-2019-15132: zabbix -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 17, 2019

Added

Apr 23, 2021

Modified

Mar 30, 2026

Description

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Solution

debian-upgrade-zabbix

References

CVE-2019-15132
https://attackerkb.com/topics/CVE-2019-15132
CWE-203
DEBIAN-DLA-2631-1
EUVD-EUVD-2019-6200
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-6200

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report