Vulnerabilities > Zabbix

DATE CVE VULNERABILITY TITLE RISK
2022-03-09 CVE-2022-24349 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
2.1
2022-03-09 CVE-2022-24917 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
2.1
2022-03-09 CVE-2022-24918 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users.
network
high complexity
zabbix fedoraproject CWE-79
2.1
2022-03-09 CVE-2022-24919 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
2.1
2022-01-27 CVE-2021-46088 Unspecified vulnerability in Zabbix
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE).
network
low complexity
zabbix
6.5
2022-01-13 CVE-2022-23131 Authentication Bypass by Spoofing vulnerability in Zabbix
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
network
high complexity
zabbix CWE-290
5.1
2022-01-13 CVE-2022-23132 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder.
network
low complexity
zabbix fedoraproject CWE-732
7.5
2022-01-13 CVE-2022-23133 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.
3.5
2022-01-13 CVE-2022-23134 Incorrect Authorization vulnerability in multiple products
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.
network
low complexity
zabbix fedoraproject debian CWE-863
5.0
2022-01-06 CVE-2022-22704 Improper Privilege Management vulnerability in Zabbix Zabbix-Agent2
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
network
low complexity
zabbix CWE-269
critical
10.0