The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
Max CVSS
7.5
EPSS Score
0.35%
Published
2019-08-21
Updated
2019-08-30
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-08-21
Updated
2019-08-27
2 vulnerabilities found