CVE-2014-3005

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Published: Feb 1, 2018
Updated: Apr 13, 2023
CVE: CVE-2014-3005
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
zabbix / zabbix	2.0.0	2.0.0.x
zabbix / zabbix	1.8.5	1.8.5.x
zabbix / zabbix	2.0.5	2.0.5.x
zabbix / zabbix	2.0.9	2.0.9.x
zabbix / zabbix	1.8.8	1.8.8.x
zabbix / zabbix	2.2.0	2.2.0.x
zabbix / zabbix	1.8.16	1.8.16.x
zabbix / zabbix	2.0.1	2.0.1.x
zabbix / zabbix	2.0.11	2.0.11.x
zabbix / zabbix	2.0.6	2.0.6.x
zabbix / zabbix	1.8.6	1.8.6.x
zabbix / zabbix	2.0.4	2.0.4.x
zabbix / zabbix	1.8.18	1.8.18.x
zabbix / zabbix	1.8	1.8.x
zabbix / zabbix	2.0.12	2.0.12.x
zabbix / zabbix	2.2.4	2.2.4.x
zabbix / zabbix	2.0.3	2.0.3.x
zabbix / zabbix	1.8.2	1.8.2.x
zabbix / zabbix	2.2.2	2.2.2.x
zabbix / zabbix	1.8.9	1.8.9.x
zabbix / zabbix	2.2.1	2.2.1.x
zabbix / zabbix	2.0.2	2.0.2.x
zabbix / zabbix	1.8.3	1.8.3.x
zabbix / zabbix	2.0.10	2.0.10.x
zabbix / zabbix	1.8.1	1.8.1.x
zabbix / zabbix	1.8.4	1.8.4.x
zabbix / zabbix	2.2.3	2.2.3.x
zabbix / zabbix	2.0.8	2.0.8.x
zabbix / zabbix	1.8.7	1.8.7.x
zabbix / zabbix	2.0.7	2.0.7.x
zabbix / zabbix	2.3.0	2.3.0.x
zabbix / zabbix	2.3.1	2.3.1.x
zabbix / zabbix	1.8.10	1.8.10.x
zabbix / zabbix	1.8.11	1.8.11.x
zabbix / zabbix	1.8.12	1.8.12.x
zabbix / zabbix	1.8.13	1.8.13.x
zabbix / zabbix	1.8.14	1.8.14.x
zabbix / zabbix	1.8.15	1.8.15.x
zabbix / zabbix	1.8.17	1.8.17.x
zabbix / zabbix	1.8.19	1.8.19.x
zabbix / zabbix	1.8.20	1.8.20.x
fedoraproject / fedora	20	20.x
fedoraproject / fedora	19	19.x

Vulnerability Database

289,697

CVE-2014-3005