CVE-2014-6257

Published: Dec 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.

Affected (20)

Products: Zenoss: Zenoss Core

Zenoss

1 product

Zenoss Core

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Zenoss Zenoss Core	Up to 5.0.0
Zenoss Zenoss Core	Version 2.4.0
Zenoss Zenoss Core	Version 2.4.5
Zenoss Zenoss Core	Version 2.5.0
Zenoss Zenoss Core	Version 2.5.1
Zenoss Zenoss Core	Version 2.5.2
Zenoss Zenoss Core	Version 3.0.0
Zenoss Zenoss Core	Version 3.0.1
Zenoss Zenoss Core	Version 3.0.2
Zenoss Zenoss Core	Version 3.0.3
Zenoss Zenoss Core	Version 3.1.0
Zenoss Zenoss Core	Version 3.2.0
Zenoss Zenoss Core	Version 3.2.1
Zenoss Zenoss Core	Version 4.2.0
Zenoss Zenoss Core	Version 4.2.3
Zenoss Zenoss Core	Version 4.2.4
Zenoss Zenoss Core	Version 4.2.5
Zenoss Zenoss Core	Version 5.0.0
Zenoss Zenoss Core	Version 5.0.0 beta_1
Zenoss Zenoss Core	Version 5.0.0 beta_2

Related CWEs

CWE-264

References (4)

http://www.kb.cert.org/vuls/id/449452

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.