CVE-2014-3005

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Published: Feb 1, 2018
Updated: Nov 9, 2025
CVE: CVE-2014-3005
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
zabbix / zabbix	2.0.0	2.0.0.x
zabbix / zabbix	1.8.5	1.8.5.x
zabbix / zabbix	2.0.5	2.0.5.x
zabbix / zabbix	2.0.9	2.0.9.x
zabbix / zabbix	1.8.8	1.8.8.x
zabbix / zabbix	2.2.0	2.2.0.x
zabbix / zabbix	1.8.16	1.8.16.x
zabbix / zabbix	2.0.1	2.0.1.x
zabbix / zabbix	2.0.11	2.0.11.x
zabbix / zabbix	2.0.6	2.0.6.x
zabbix / zabbix	1.8.6	1.8.6.x
zabbix / zabbix	2.0.4	2.0.4.x
zabbix / zabbix	1.8.18	1.8.18.x
zabbix / zabbix	1.8	1.8.x
zabbix / zabbix	2.0.12	2.0.12.x
zabbix / zabbix	2.2.4	2.2.4.x
zabbix / zabbix	2.0.3	2.0.3.x
zabbix / zabbix	1.8.2	1.8.2.x
zabbix / zabbix	2.2.2	2.2.2.x
zabbix / zabbix	1.8.9	1.8.9.x
zabbix / zabbix	2.2.1	2.2.1.x
zabbix / zabbix	2.0.2	2.0.2.x
zabbix / zabbix	1.8.3	1.8.3.x
zabbix / zabbix	2.0.10	2.0.10.x
zabbix / zabbix	1.8.1	1.8.1.x
zabbix / zabbix	1.8.4	1.8.4.x
zabbix / zabbix	2.2.3	2.2.3.x
zabbix / zabbix	2.0.8	2.0.8.x
zabbix / zabbix	1.8.7	1.8.7.x
zabbix / zabbix	2.0.7	2.0.7.x
zabbix / zabbix	2.3.0	2.3.0.x
zabbix / zabbix	2.3.1	2.3.1.x
zabbix / zabbix	1.8.10	1.8.10.x
zabbix / zabbix	1.8.11	1.8.11.x
zabbix / zabbix	1.8.12	1.8.12.x
zabbix / zabbix	1.8.13	1.8.13.x
zabbix / zabbix	1.8.14	1.8.14.x
zabbix / zabbix	1.8.15	1.8.15.x
zabbix / zabbix	1.8.17	1.8.17.x
zabbix / zabbix	1.8.19	1.8.19.x
zabbix / zabbix	1.8.20	1.8.20.x
fedoraproject / fedora	20	20.x
fedoraproject / fedora	19	19.x

Vulnerability Database

CVE-2014-3005

Deep Security Visibility Without the Complexity