Loading
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
Cite this page
CVE-2014-6261. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2014-6261
Use CWE-94, Zenoss vendor hub and Zenoss Core product page to widen CVE-2014-6261 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2014-6262, CVE-2014-9249 and CVE-2014-9386 for nearby disclosures in the same product family.