CVE-2016-10742

MEDIUM

Zabbix < 2.2.21rc1, 3.x < 3.0.13rc1, 3.1.x-3.2.x < 3.2.10rc1, 3.3.x-3.4.x < 3.4.4rc1 Open Redirect


Description

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

References (4)

Core References
https://support.zabbix.com/browse/ZBX-10272 (Exploit, Vendor Advisory; x_refsource_misc)
https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html (Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
https://support.zabbix.com/browse/ZBX-13133 (Vendor Advisory; x_refsource_misc)
https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html (Mailing List; mailing-list, x_refsource_mlist)

Scores

CVSS v3: 6.1
EPSS: 0.0286
EPSS Percentile: 85.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-601
Status: published
Products (2):
debian/debian_linux 8.0
zabbix/zabbix < 2.2.20
Published: Feb 17, 2019
Tracked Since: Feb 18, 2026