Описание
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
Ссылки
- Third Party AdvisoryUS Government Resource
- https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharingVendor Advisory
- Third Party AdvisoryUS Government Resource
- https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.0 (включая)
Одно из
cpe:2.3:a:zenoss:zenoss_core:*:beta_3:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02994
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
debian
около 11 лет назад
Zenoss Core through 5 Beta 3 does not properly implement the Check For ...
github
больше 3 лет назад
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
EPSS
Процентиль: 86%
0.02994
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94