CVE-2014-3005
CRITICAL9.8EPSS 4.3%Published: 2/1/2018Modified: 4/28/2026
Also known as:DEBIAN-CVE-2014-3005
Description
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Affected packages (1)
- Debian/zabbixfrom 0, < 1:2.2.5+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |