{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T02:47:36.002","vulnerabilities":[{"cve":{"id":"CVE-2014-9385","sourceIdentifier":"cret@cert.org","published":"2014-12-15T18:59:27.723","lastModified":"2026-05-06T22:30:45.220","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388."},{"lang":"es","value":"Vulnerabilidad de CSRF en Zenoss Core hasta 5 Beta 3 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan la ejecución de código arbitrario a través de una subida de ZenPack, también conocido como ZEN-15388."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"81B69C06-16CA-4A73-8EF8-3E2103D14438"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*","matchCriteriaId":"33BCBA94-31A9-4B0B-943D-8BB31B552B55"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4CD24A2C-C0B5-43B3-8F8E-7E72FF8B65B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"F73AE1C8-8EF9-4AD2-88A9-5108B0B64D8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*","matchCriteriaId":"B4C24942-BE6F-4BDF-8642-4458229F8995"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"BCCAE80F-40D6-44B4-8253-5A27B2A2E015"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"020D8B51-8378-4E4B-A72F-6B5C7ED9CEDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"84FFAAE5-E7EC-40D7-8BEC-335FB6A9EA56"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AE2CE264-118C-4EE1-9454-7940B6EE7704"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"498262F4-FDA2-4FAD-A45A-1C0EE87F83FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"2CAD8E20-EB1E-49E7-9620-539749F125C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"B696A404-81CD-4F97-9C45-4E0667685BCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B6F74787-A72A-4C79-8682-91DD6BE85E78"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7803AA36-92DC-4362-AB99-99A06B1329EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"60BDF496-3032-48E2-AAE4-849488F308A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"D37107EA-3F8B-44A3-BE8E-B8F8C6B5CB62"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1C692049-A157-4783-B559-557E572FCE16"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*","matchCriteriaId":"38074012-8B78-42B6-B2F5-6BDB84517990"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*","matchCriteriaId":"05E299D7-0960-40FB-8B6F-A01A047F0A77"},{"vulnerable":true,"criteria":"cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_3:*:*:*:*:*:*","matchCriteriaId":"31A9F2B8-5706-49DC-B0AC-C74504140D2E"}]}]}],"references":[{"url":"http://www.kb.cert.org/vuls/id/449452","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing","source":"cret@cert.org"},{"url":"http://www.kb.cert.org/vuls/id/449452","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing","source":"af854a3a-2127-422b-91ae-364da2661108"}],"vendorComments":[{"organization":"Zenoss","comment":"Addressed in 5.0.","lastModified":"2016-03-21T12:15:50.807"}]}}]}