VIR Vulnerability Intelligence Relay

CVE-2014-9252

low
Published 2014-12-15 · Modified 2026-05-06
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cret@cert.org — https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Application impact
VendorProductVersionsFixed
zenosszenoss_core{"endIncluding":"5.0.0"}
zenosszenoss_core2.4.0
zenosszenoss_core2.4.5
zenosszenoss_core2.5.0
zenosszenoss_core2.5.1
zenosszenoss_core2.5.2
zenosszenoss_core3.0.0
zenosszenoss_core3.0.1
zenosszenoss_core3.0.2
zenosszenoss_core3.0.3
zenosszenoss_core3.1.0
zenosszenoss_core3.2.0
zenosszenoss_core3.2.1
zenosszenoss_core4.2.0
zenosszenoss_core4.2.3
zenosszenoss_core4.2.4
zenosszenoss_core4.2.5
zenosszenoss_core5.0.0

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.