VYPR
Critical severity9.8NVD Advisory· Published Feb 1, 2018· Updated Jun 17, 2026

CVE-2014-3005

CVE-2014-3005

Description

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zabbix/Zabbixinferred2 versions
    >=1.8.0,<1.8.21rc1 || >=2.0.0,<2.0.13rc1 || >=2.2.0,<2.2.5rc1 || >=2.3.0,<2.3.2+ 1 more
    • (no CPE)range: >=1.8.0,<1.8.21rc1 || >=2.0.0,<2.0.13rc1 || >=2.2.0,<2.2.5rc1 || >=2.3.0,<2.3.2
    • (no CPE)range: <1.8.21rc1, <2.0.13rc1, <2.2.5rc1, <2.3.2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.