CVE-2025-49643 (GCVE-0-2025-49643)
Vulnerability from nvd – Published: 2025-12-01 13:05 – Updated: 2025-12-01 14:34 – CWE-405 - Asymmetric Resource Consumption (Amplification)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:33:57.352604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:34:20.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.42",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.41",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated user sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated user sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Pamparau Sebastian (sebiee) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-490",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-490: Amplification"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:05:33.613Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27284"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend DoS vulnerability due to asymmetric resource consumption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49643",
"datePublished": "2025-12-01T13:05:33.613Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:34:20.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49642 (GCVE-0-2025-49642)
Vulnerability from nvd – Published: 2025-12-01 13:03 – Updated: 2025-12-01 14:36 – CWE-426 - Untrusted Search Path
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:36:06.559257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:36:26.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.36",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.6",
"status": "unaffected"
}
],
"lessThan": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExploitation requires access to a local user account with write permissions to /home/cecuser.\u003c/p\u003e"
}
],
"value": "Exploitation requires access to a local user account with write permissions to /home/cecuser."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Jos\u00e9 Pina Coelho for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibrary loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.\u003c/p\u003e"
}
],
"value": "Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory."
}
],
"impacts": [
{
"capecId": "CAPEC-159",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-159: Redirect Access to Libraries"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:03:38.752Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27283"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate AIX Zabbix Agent packages to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update AIX Zabbix Agent packages to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Agent builds for AIX vulnerable to library loading hijacking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure /home/cecuser directory is only accessible to trusted users.\u003c/p\u003e"
}
],
"value": "Make sure /home/cecuser directory is only accessible to trusted users."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49642",
"datePublished": "2025-12-01T13:03:38.752Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:36:26.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27232 (GCVE-0-2025-27232)
Vulnerability from nvd – Published: 2025-12-01 12:55 – Updated: 2025-12-01 14:38 – CWE-918 - Server-Side Request Forgery (SSRF)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:38:44.799482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:38:51.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T12:55:51.722Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend arbitrary file read in oauth.authorize action",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27232",
"datePublished": "2025-12-01T12:55:51.722Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-12-01T14:38:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49641 (GCVE-0-2025-49641)
Vulnerability from nvd – Published: 2025-10-03 11:29 – Updated: 2025-10-03 13:52 – CWE-863 - Incorrect Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:51:55.338553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:02.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe action problem.view.refresh could be called by a user with insufficient privileges.\u003c/p\u003e"
}
],
"value": "The action problem.view.refresh could be called by a user with insufficient privileges."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Y. Kahveci for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user with no permission to the Monitoring -\u0026gt; Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user with no permission to the Monitoring -\u003e Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:29:26.451Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27063"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient permission check for the problem.view.refresh action",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49641",
"datePublished": "2025-10-03T11:29:26.451Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-10-03T13:52:02.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27237 (GCVE-0-2025-27237)
Vulnerability from nvd – Published: 2025-10-03 11:28 – Updated: 2025-10-04 03:55 – CWE-427 - Uncontrolled Search Path Element
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-04T03:55:24.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent",
"Agent2"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts.\u003c/p\u003e"
}
],
"value": "A local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.\u003c/p\u003e"
}
],
"value": "In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471: Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:43.076Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27237",
"datePublished": "2025-10-03T11:28:43.076Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-04T03:55:24.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27236 (GCVE-0-2025-27236)
Vulnerability from nvd – Published: 2025-10-03 11:28 – Updated: 2025-10-03 13:52 – CWE-863 - Incorrect Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:52:30.190057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:36.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.38",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.9",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.3",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.1",
"status": "unaffected"
}
],
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated, regular Zabbix user could data-mine some field values on other users in their group.\u003c/p\u003e"
}
],
"value": "An authenticated, regular Zabbix user could data-mine some field values on other users in their group."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank yannapostrophe and exod for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116: Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:09.810Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27060"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User information disclosure via api_jsonrpc.php on method user.get with param search",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27236",
"datePublished": "2025-10-03T11:28:09.810Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-03T13:52:36.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27231 (GCVE-0-2025-27231)
Vulnerability from nvd – Published: 2025-10-03 11:25 – Updated: 2025-10-03 13:55 – CWE-522 - Insufficiently Protected Credentials
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:55:44.792764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:55:51.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value.\u003c/p\u003e"
}
],
"value": "A Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Vladislav Volozhenko for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change.\u003c/p\u003e"
}
],
"value": "The LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194: Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:25:14.205Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LDAP \u0027Bind password\u0027 field value can be leaked by a Zabbix Super Admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27231",
"datePublished": "2025-10-03T11:25:14.205Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-10-03T13:55:51.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27240 (GCVE-0-2025-27240)
Vulnerability from nvd – Published: 2025-09-12 10:33 – Updated: 2025-09-15 12:49 – CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:33.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.34",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.33",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.18",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed.\u003c/p\u003e"
}
],
"value": "The attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Grzegorz Muszy\u0144ski (szerszen199) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field.\u003c/p\u003e"
}
],
"value": "A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66: SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:49:03.144Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26986"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDisable any Autoregistration actions that remove hosts.\u003c/p\u003e"
}
],
"value": "Disable any Autoregistration actions that remove hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27240",
"datePublished": "2025-09-12T10:33:46.484Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T12:49:03.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27238 (GCVE-0-2025-27238)
Vulnerability from nvd – Published: 2025-09-12 10:33 – Updated: 2025-09-15 18:48- :
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:54:14.863048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T18:48:19.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"API"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.0.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned.\u003c/p\u003e"
}
],
"value": "An attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.\u003c/p\u003e"
}
],
"value": "Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": ":"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": ":",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:33:17.753Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "API hostprototype.get lists data to users with insufficient authorization.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure there are no Zabbix users without a user group.\u003c/p\u003e"
}
],
"value": "Make sure there are no Zabbix users without a user group."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27238",
"datePublished": "2025-09-12T10:33:17.753Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T18:48:19.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27234 (GCVE-0-2025-27234)
Vulnerability from nvd – Published: 2025-09-12 10:31 – Updated: 2025-09-13 03:55- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:34.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent2 plugin"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "5.0.47",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.46",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.\u003c/p\u003e"
}
],
"value": "An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.\u003c/p\u003e"
}
],
"value": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:31:58.770Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26985"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemove smartctl or use strict item key parameter validation with AllowKey/DenyKey.\u003c/p\u003e"
}
],
"value": "Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27234",
"datePublished": "2025-09-12T10:31:58.770Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-13T03:55:34.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27233 (GCVE-0-2025-27233)
Vulnerability from nvd – Published: 2025-09-12 10:32 – Updated: 2025-09-12 11:58- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:57:58.701448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T11:58:28.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent2 plugin"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.39",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.\u003c/p\u003e"
}
],
"value": "An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank kelsier for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.\u003c/p\u003e"
}
],
"value": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:32:36.174Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26987"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemove smartctl or use strict item key parameter validation with AllowKey/DenyKey.\u003c/p\u003e"
}
],
"value": "Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27233",
"datePublished": "2025-09-12T10:32:36.174Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-12T11:58:28.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49643 (GCVE-0-2025-49643)
Vulnerability from cvelistv5 – Published: 2025-12-01 13:05 – Updated: 2025-12-01 14:34- CWE-405 - Asymmetric Resource Consumption (Amplification)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:33:57.352604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:34:20.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.42",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.41",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated user sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated user sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Pamparau Sebastian (sebiee) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-490",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-490: Amplification"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:05:33.613Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27284"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend DoS vulnerability due to asymmetric resource consumption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49643",
"datePublished": "2025-12-01T13:05:33.613Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:34:20.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49642 (GCVE-0-2025-49642)
Vulnerability from cvelistv5 – Published: 2025-12-01 13:03 – Updated: 2025-12-01 14:36- CWE-426 - Untrusted Search Path
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:36:06.559257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:36:26.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.36",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.6",
"status": "unaffected"
}
],
"lessThan": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExploitation requires access to a local user account with write permissions to /home/cecuser.\u003c/p\u003e"
}
],
"value": "Exploitation requires access to a local user account with write permissions to /home/cecuser."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Jos\u00e9 Pina Coelho for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibrary loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.\u003c/p\u003e"
}
],
"value": "Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory."
}
],
"impacts": [
{
"capecId": "CAPEC-159",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-159: Redirect Access to Libraries"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:03:38.752Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27283"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate AIX Zabbix Agent packages to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update AIX Zabbix Agent packages to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Agent builds for AIX vulnerable to library loading hijacking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure /home/cecuser directory is only accessible to trusted users.\u003c/p\u003e"
}
],
"value": "Make sure /home/cecuser directory is only accessible to trusted users."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49642",
"datePublished": "2025-12-01T13:03:38.752Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:36:26.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27232 (GCVE-0-2025-27232)
Vulnerability from cvelistv5 – Published: 2025-12-01 12:55 – Updated: 2025-12-01 14:38- CWE-918 - Server-Side Request Forgery (SSRF)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:38:44.799482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:38:51.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T12:55:51.722Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend arbitrary file read in oauth.authorize action",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27232",
"datePublished": "2025-12-01T12:55:51.722Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-12-01T14:38:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49641 (GCVE-0-2025-49641)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:29 – Updated: 2025-10-03 13:52- CWE-863 - Incorrect Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:51:55.338553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:02.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe action problem.view.refresh could be called by a user with insufficient privileges.\u003c/p\u003e"
}
],
"value": "The action problem.view.refresh could be called by a user with insufficient privileges."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Y. Kahveci for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user with no permission to the Monitoring -\u0026gt; Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user with no permission to the Monitoring -\u003e Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:29:26.451Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27063"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient permission check for the problem.view.refresh action",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49641",
"datePublished": "2025-10-03T11:29:26.451Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-10-03T13:52:02.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27237 (GCVE-0-2025-27237)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:28 – Updated: 2025-10-04 03:55- CWE-427 - Uncontrolled Search Path Element
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-04T03:55:24.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent",
"Agent2"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts.\u003c/p\u003e"
}
],
"value": "A local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.\u003c/p\u003e"
}
],
"value": "In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471: Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:43.076Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27237",
"datePublished": "2025-10-03T11:28:43.076Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-04T03:55:24.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27236 (GCVE-0-2025-27236)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:28 – Updated: 2025-10-03 13:52- CWE-863 - Incorrect Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:52:30.190057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:36.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.38",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.9",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.3",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.1",
"status": "unaffected"
}
],
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated, regular Zabbix user could data-mine some field values on other users in their group.\u003c/p\u003e"
}
],
"value": "An authenticated, regular Zabbix user could data-mine some field values on other users in their group."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank yannapostrophe and exod for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user can search other users in their user group via the Zabbix API by searching on fields the user does not have access to view. This allows data-mining some field values the user does not have access to.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user can search other users in their user group via the Zabbix API by searching on fields the user does not have access to view. This allows data-mining some field values the user does not have access to."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116: Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:09.810Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27060"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User information disclosure via api_jsonrpc.php on method user.get with param search",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27236",
"datePublished": "2025-10-03T11:28:09.810Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-03T13:52:36.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27231 (GCVE-0-2025-27231)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:25 – Updated: 2025-10-03 13:55- CWE-522 - Insufficiently Protected Credentials
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:55:44.792764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:55:51.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value.\u003c/p\u003e"
}
],
"value": "A Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Vladislav Volozhenko for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change.\u003c/p\u003e"
}
],
"value": "The LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194: Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:25:14.205Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LDAP \u0027Bind password\u0027 field value can be leaked by a Zabbix Super Admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27231",
"datePublished": "2025-10-03T11:25:14.205Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-10-03T13:55:51.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27240 (GCVE-0-2025-27240)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:33 – Updated: 2025-09-15 12:49- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:33.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.34",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.33",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.18",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed.\u003c/p\u003e"
}
],
"value": "The attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Grzegorz Muszy\u0144ski (szerszen199) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field.\u003c/p\u003e"
}
],
"value": "A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66: SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:49:03.144Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26986"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second-order SQL injection in Zabbix Server when deleting an autoregistered host",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDisable any Autoregistration actions that remove hosts.\u003c/p\u003e"
}
],
"value": "Disable any Autoregistration actions that remove hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27240",
"datePublished": "2025-09-12T10:33:46.484Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T12:49:03.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27238 (GCVE-0-2025-27238)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:33 – Updated: 2025-09-15 18:48 - CWE-284 - Improper Access Control (CWE supplied by the CISA ADP container; the CNA record leaves problemType and impact unset)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:54:14.863048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T18:48:19.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"API"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.0.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned.\u003c/p\u003e"
}
],
"value": "An attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.\u003c/p\u003e"
}
],
"value": "Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": ":"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": ":",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:33:17.753Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "API hostprototype.get lists data to users with insufficient authorization.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure there are no Zabbix users without a user group.\u003c/p\u003e"
}
],
"value": "Make sure there are no Zabbix users without a user group."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27238",
"datePublished": "2025-09-12T10:33:17.753Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T18:48:19.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27233 (GCVE-0-2025-27233)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:32 – Updated: 2025-09-12 11:58- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:57:58.701448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T11:58:28.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent2 plugin"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.39",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.\u003c/p\u003e"
}
],
"value": "An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank kelsier for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.\u003c/p\u003e"
}
],
"value": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:32:36.174Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26987"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemove smartctl or use strict item key parameter validation with AllowKey/DenyKey.\u003c/p\u003e"
}
],
"value": "Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27233",
"datePublished": "2025-09-12T10:32:36.174Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-12T11:58:28.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27234 (GCVE-0-2025-27234)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:31 – Updated: 2025-09-13 03:55- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:34.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent2 plugin"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "5.0.47",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.46",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.\u003c/p\u003e"
}
],
"value": "An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.\u003c/p\u003e"
}
],
"value": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:31:58.770Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26985"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemove smartctl or use strict item key parameter validation with AllowKey/DenyKey.\u003c/p\u003e"
}
],
"value": "Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27234",
"datePublished": "2025-09-12T10:31:58.770Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-13T03:55:34.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-1055
Vulnerability from certfr_avis - Published: 2025-12-01 - Updated: 2025-12-01
De multiples vulnérabilités ont été découvertes dans Zabbix. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Zabbix | Agent | Agent versions 7.0.x antérieures à 7.0.6 pour AIX |
| Zabbix | Zabbix | Zabbix versions 6.x antérieures à 6.0.42 |
| Zabbix | Agent | Agent versions 7.2.x antérieures à 7.2.6 pour AIX |
| Zabbix | Zabbix | Zabbix versions 7.2.x antérieures à 7.2.13 |
| Zabbix | Agent | Agent versions 6.x antérieures à 6.0.40 pour AIX |
| Zabbix | Zabbix | Zabbix versions 7.4.x antérieures à 7.4.3 |
| Zabbix | Zabbix | Zabbix versions 7.0.x antérieures à 7.0.19 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Agent versions 7.0.x ant\u00e9rieures \u00e0 7.0.6 pour AIX",
"product": {
"name": "Agent",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 6.x ant\u00e9rieures \u00e0 6.0.42",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Agent versions 7.2.x ant\u00e9rieures \u00e0 7.2.6 pour AIX",
"product": {
"name": "Agent",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Agent versions 6.x ant\u00e9rieures \u00e0 6.0.40 pour AIX",
"product": {
"name": "Agent",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49642"
},
{
"name": "CVE-2025-49643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49643"
},
{
"name": "CVE-2025-27232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27232"
}
],
"initial_release_date": "2025-12-01T00:00:00",
"last_revision_date": "2025-12-01T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1055",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27282",
"url": "https://support.zabbix.com/browse/ZBX-27282"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27284",
"url": "https://support.zabbix.com/browse/ZBX-27284"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27283",
"url": "https://support.zabbix.com/browse/ZBX-27283"
}
]
}
CERTFR-2025-AVI-0845
Vulnerability from certfr_avis - Published: 2025-10-06 - Updated: 2025-10-06
De multiples vulnérabilités ont été découvertes dans Zabbix. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zabbix versions 6.0.x ant\u00e9rieures \u00e0 6.0.41",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.18",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27231"
},
{
"name": "CVE-2025-49641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49641"
}
],
"initial_release_date": "2025-10-06T00:00:00",
"last_revision_date": "2025-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0845",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27063",
"url": "https://support.zabbix.com/browse/ZBX-27063"
},
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27062",
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
]
}
CERTFR-2025-AVI-0840
Vulnerability from certfr_avis - Published: 2025-10-03 - Updated: 2025-10-03
De multiples vulnérabilités ont été découvertes dans Zabbix. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Zabbix | Zabbix | Zabbix versions 6.0.x antérieures à 6.0.41 |
| Zabbix | N/A | Zabbix Agent versions 7.2.x antérieures à 7.2.12 |
| Zabbix | Zabbix | Zabbix versions 7.0.x antérieures à 7.0.17 |
| Zabbix | Zabbix | Zabbix versions 7.2.x antérieures à 7.2.11 |
| Zabbix | N/A | Zabbix Agent versions 6.0.x antérieures à 6.0.41 |
| Zabbix | N/A | Zabbix Agent versions 7.0.x antérieures à 7.0.18 |
| Zabbix | N/A | Zabbix Agent versions 7.4.x antérieures à 7.4.2 |
| Zabbix | Zabbix | Zabbix versions 7.4.x antérieures à 7.4.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zabbix versions 6.0.x ant\u00e9rieures \u00e0 6.0.41",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.17",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 6.0.x ant\u00e9rieures \u00e0 6.0.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 7.0.x ant\u00e9rieures \u00e0 7.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27236"
},
{
"name": "CVE-2025-27237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27237"
}
],
"initial_release_date": "2025-10-03T00:00:00",
"last_revision_date": "2025-10-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0840",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27060",
"url": "https://support.zabbix.com/browse/ZBX-27060"
},
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27061",
"url": "https://support.zabbix.com/browse/ZBX-27061"
}
]
}
CERTFR-2025-AVI-0786
Vulnerability from certfr_avis - Published: 2025-09-12 - Updated: 2025-09-12
De multiples vulnérabilités ont été découvertes dans Zabbix. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Zabbix | N/A | Greffon smartctl pour Zabbix Agent 2 versions 5.0.x antérieures à 5.0.47 |
| Zabbix | Zabbix | Server versions 7.2.x antérieures à 7.2.8 |
| Zabbix | N/A | Greffon smartctl pour Zabbix Agent 2 versions 7.0.x antérieures à 7.0.11 |
| Zabbix | N/A | Greffon smartctl pour Zabbix Agent 2 versions 7.2.x antérieures à 7.2.5 |
| Zabbix | Zabbix | Server versions 6.0.x antérieures à 6.0.34 |
| Zabbix | N/A | Greffon smartctl pour Zabbix Agent 2 versions 6.0.x antérieures à 6.0.40 |
| Zabbix | Zabbix | Server versions 7.0.x antérieures à 7.0.14 |
| Zabbix | Zabbix | Server versions 6.4.x antérieures à 6.4.19 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Greffon smartctl pour Zabbix Agent 2 versions 5.0.x ant\u00e9rieures \u00e0 5.0.47",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Server version 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Greffon smartctl pour Zabbix Agent 2 versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Greffon smartctl pour Zabbix Agent 2 versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Server version 6.0.x ant\u00e9rieures \u00e0 6.0.34",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Greffon smartctl pour Zabbix Agent 2 versions 6.0.x ant\u00e9rieures \u00e0 6.0.40",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Server version 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Server version 6.4.x ant\u00e9rieures \u00e0 6.4.19",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27234"
},
{
"name": "CVE-2025-27240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27240"
},
{
"name": "CVE-2025-27238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27238"
},
{
"name": "CVE-2025-27233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27233"
}
],
"initial_release_date": "2025-09-12T00:00:00",
"last_revision_date": "2025-09-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0786",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26986",
"url": "https://support.zabbix.com/browse/ZBX-26986"
},
{
"published_at": "2025-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26988",
"url": "https://support.zabbix.com/browse/ZBX-26988"
},
{
"published_at": "2025-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26985",
"url": "https://support.zabbix.com/browse/ZBX-26985"
},
{
"published_at": "2025-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26987",
"url": "https://support.zabbix.com/browse/ZBX-26987"
}
]
}
VAR-201008-0180
Vulnerability from variot - Updated: 2025-04-11 23:15
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Zabbix is a client/server distributed network monitoring system. ZABBIX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ZABBIX version 1.8.2 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."
Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:
http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
TITLE: Zabbix PHP Frontend "formatQuery()" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA40679
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40679
RELEASE DATE: 2010-07-28
DISCUSS ADVISORY: http://secunia.com/advisories/40679/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40679/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40679
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Zabbix, which can be exploited by malicious people to conduct cross-site scripting attacks.
Various input is not properly sanitised by the "formatQuery()" function of the "Curl" class in frontends/php/include/classes/class.curl.php before being returned to the user.
SOLUTION: Fixed in version 1.8.3-rc1.
PROVIDED AND/OR DISCOVERED BY: Reported as a normal bug by alixen. Later independently reported as cross-site scripting vulnerabilities in frontends/php/tr_status.php by Vupen.
ORIGINAL ADVISORY: Zabbix: http://www.zabbix.com/forum/showthread.php?p=68770 https://support.zabbix.com/browse/ZBX-2326
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.5.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.5.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.9"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.5.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.1"
},
{
"model": "zabbix",
"scope": "lte",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.9,
"vendor": "zabbix",
"version": "1.8.2"
},
{
"model": "zabbix",
"scope": "lt",
"trust": 0.8,
"vendor": "zabbix",
"version": "1.8.3rc1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"db": "BID",
"id": "42017"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zabbix:zabbix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alixen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
}
],
"trust": 0.6
},
"cve": "CVE-2010-2790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-2790",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2790",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2790",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-024",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Zabbix is a CS network distributed network monitoring system. ZABBIX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nZABBIX version 1.8.2 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nZabbix PHP Frontend \"formatQuery()\" Cross-Site Scripting\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA40679\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40679/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40679\n\nRELEASE DATE:\n2010-07-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40679/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40679/\n\nONLY 
AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40679\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Zabbix, which can be exploited\nby malicious people to conduct cross-site scripting attacks. \n\nVarious input is not properly sanitised by the \"formatQuery()\"\nfunction of the \"Curl\" class in\nfrontends/php/include/classes/class.curl.php before being returned to\nthe user. \n\nSOLUTION:\nFixed in version 1.8.3-rc1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a normal bug by alixen. Later independently reported as\ncross-site scripting vulnerabilities in frontends/php/tr_status.php\nby Vupen. \n\nORIGINAL ADVISORY:\nZabbix:\nhttp://www.zabbix.com/forum/showthread.php?p=68770\nhttps://support.zabbix.com/browse/ZBX-2326\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2790"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"db": "BID",
"id": "42017"
},
{
"db": "PACKETSTORM",
"id": "92257"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "42017",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "40679",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2010-2790",
"trust": 2.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1908",
"trust": 2.4
},
{
"db": "XF",
"id": "60772",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-1470",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "92257",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"db": "BID",
"id": "42017"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "PACKETSTORM",
"id": "92257"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"id": "VAR-201008-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
}
]
},
"last_update_date": "2025-04-11T23:15:38.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "rn1.8.3",
"trust": 0.8,
"url": "http://www.zabbix.com/rn1.8.3.php"
},
{
"title": "Zabbix 1.8.3rc1 released",
"trust": 0.8,
"url": "http://www.zabbix.com/forum/showthread.php?p=68770"
},
{
"title": "ZBX-2326",
"trust": 0.8,
"url": "https://support.zabbix.com/browse/ZBX-2326"
},
{
"title": "Patch for ZABBIX \u0027formatQuery()\u0027 cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/724"
},
{
"title": "zabbix-1.8.3",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39955"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/40679"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/42017"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/1908"
},
{
"trust": 2.0,
"url": "https://support.zabbix.com/browse/zbx-2326"
},
{
"trust": 1.7,
"url": "http://www.zabbix.com/forum/showthread.php?p=68770"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60772"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2790"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/60772"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2790"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/40679/"
},
{
"trust": 0.3,
"url": "http://www.zabbix.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40679/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40679"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"db": "BID",
"id": "42017"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "PACKETSTORM",
"id": "92257"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"db": "BID",
"id": "42017"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"db": "PACKETSTORM",
"id": "92257"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"date": "2010-07-28T00:00:00",
"db": "BID",
"id": "42017"
},
{
"date": "2010-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"date": "2010-07-28T14:42:01",
"db": "PACKETSTORM",
"id": "92257"
},
{
"date": "2010-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"date": "2010-08-05T13:23:09.680000",
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1470"
},
{
"date": "2015-04-13T21:48:00",
"db": "BID",
"id": "42017"
},
{
"date": "2010-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001957"
},
{
"date": "2023-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-024"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zabbix of formatQuery Function vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001957"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "92257"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-024"
}
],
"trust": 0.7
}
}
VAR-201208-0374
Vulnerability from variot - Updated: 2025-04-11 22:56
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Zabbix is an enterprise-class open source solution that provides distributed system monitoring and network monitoring based on a web interface. ZABBIX is prone to an SQL-injection vulnerability. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to ZABBIX 2.0.2 are vulnerable. ----------------------------------------------------------------------
We are millions! Join us to protect all PCs Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi
TITLE: Zabbix "itemid" SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA49809
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49809/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49809
RELEASE DATE: 2012-07-25
DISCUSS ADVISORY: http://secunia.com/advisories/49809/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
 * Last Update
 * Popularity
 * Comments
 * Criticality Level
 * Impact
 * Where
 * Solution Status
 * Operating System / Software
 * CVE Reference(s)
http://secunia.com/advisories/49809/
ONLY AVAILABLE IN CUSTOMER AREA:
 * Authentication Level
 * Report Reliability
 * Secunia PoC
 * Secunia Analysis
 * Systems Affected
 * Approve Distribution
 * Remediation Status
 * Secunia CVSS Score
 * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49809
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Zabbix, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in version 2.0.1.
SOLUTION: Fixed in version 2.0.2rc2. Also fixed in the GIT repository.
PROVIDED AND/OR DISCOVERED BY: muts
ORIGINAL ADVISORY: Zabbix: https://support.zabbix.com/browse/ZBX-5348 http://git.zabbixzone.com/zabbix2.0/.git/commit/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54
muts: http://www.exploit-db.com/exploits/20087/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
For more information: SA49809
SOLUTION: Apply updated packages via the apt-get package manager. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2539-1                   security@debian.org
http://www.debian.org/security/                           Raphael Geissert
September 06, 2012                      http://www.debian.org/security/faq
Package        : zabbix
Vulnerability  : SQL injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-3435
Debian Bug     : 683273
It was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query.
For the testing distribution (wheezy), this problem will be fixed soon.
We recommend that you upgrade your zabbix packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlBIX7AACgkQYy49rUbZzlrfKwCdGUAYYsmuSFcaKKjgaap5PmSg Yj4AoJ6SogKTB06ZEoEwxkCAhGv7XIvO =lWI6 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201311-15
http://security.gentoo.org/
Severity: Normal
Title: Zabbix: Multiple vulnerabilities
Date: November 25, 2013
Bugs: #312875, #394497, #428372, #452878, #486696
ID: 201311-15
Synopsis
Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure.
Background
Zabbix is software for monitoring applications, networks, and servers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/zabbix < 2.0.9_rc1-r2 >= 2.0.9_rc1-r2
Description
Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Zabbix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-analyzer/zabbix-2.0.9_rc1-r2"
References
[ 1 ] CVE-2010-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277
[ 2 ] CVE-2011-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904
[ 3 ] CVE-2011-3263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263
[ 4 ] CVE-2011-4674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674
[ 5 ] CVE-2012-3435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435
[ 6 ] CVE-2013-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364
[ 7 ] CVE-2013-5572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201311-15.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0374",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "zabbix",
"version": "1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.7.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.7.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.6.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.7.4"
},
{
"model": null,
"scope": "eq",
"trust": 1.4,
"vendor": "zabbix",
"version": "2.0.0"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.3,
"vendor": "zabbix",
"version": "2.0.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.9"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.5"
},
{
"model": "zabbix",
"scope": "lte",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.15"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "2.0.0"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.9,
"vendor": "zabbix",
"version": "1.8.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.9,
"vendor": "zabbix",
"version": "1.8.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.9,
"vendor": "zabbix",
"version": "1.8.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.9,
"vendor": "zabbix",
"version": "1.8.9"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.9,
"vendor": "zabbix",
"version": "1.8.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.8,
"vendor": "zabbix",
"version": "2.0.2rc1"
},
{
"model": "zabbix",
"scope": "lt",
"trust": 0.8,
"vendor": "zabbix",
"version": "2.x"
},
{
"model": "zabbix",
"scope": "lte",
"trust": 0.8,
"vendor": "zabbix",
"version": "1.8.15rc1 and earlier"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "zabbix",
"version": "1.8.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "zabbix",
"version": "2.0.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 0.3,
"vendor": "zabbix",
"version": "2.0"
},
{
"model": "fedora epel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "zabbix",
"scope": "ne",
"trust": 0.3,
"vendor": "zabbix",
"version": "2.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.1.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.6.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.7.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "BID",
"id": "54661"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zabbix:zabbix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "muts",
"sources": [
{
"db": "BID",
"id": "54661"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-3435",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3435",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-3435",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-600",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Zabbix is an enterprise-class open source solution that provides distributed system monitoring and network monitoring based on a web interface. ZABBIX is prone to an SQL-injection vulnerability. \nA successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nVersions prior to ZABBIX 2.0.2 are vulnerable. ----------------------------------------------------------------------\n\nWe are millions! Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nZabbix \"itemid\" SQL Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49809\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49809/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49809\n\nRELEASE DATE:\n2012-07-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49809/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49809/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49809\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Zabbix, which can be exploited\nby malicious people to conduct SQL injection attacks. This can be\nexploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nThe vulnerability is reported in version 2.0.1. \n\nSOLUTION:\nFixed in version 2.0.2rc2. Also fixed in the GIT repository. \n\nPROVIDED AND/OR DISCOVERED BY:\nmuts\n\nORIGINAL ADVISORY:\nZabbix:\nhttps://support.zabbix.com/browse/ZBX-5348\nhttp://git.zabbixzone.com/zabbix2.0/.git/commit/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54\n\nmuts:\nhttp://www.exploit-db.com/exploits/20087/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \n\nFor more information:\nSA49809\n\nSOLUTION:\nApply updated packages via the apt-get package manager. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2539-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 06, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : zabbix\nVulnerability : SQL injection\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3435\nDebian Bug : 683273\n\nIt was discovered that Zabbix, a network monitoring solution, does not\nproperly validate user input used as a part of an SQL query. \n\nFor the testing distribution (wheezy), this problem will be fixed soon. \n\nWe recommend that you upgrade your zabbix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niEYEARECAAYFAlBIX7AACgkQYy49rUbZzlrfKwCdGUAYYsmuSFcaKKjgaap5PmSg\nYj4AoJ6SogKTB06ZEoEwxkCAhGv7XIvO\n=lWI6\n-----END PGP SIGNATURE-----\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201311-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Zabbix: Multiple vulnerabilities\n Date: November 25, 2013\n Bugs: #312875, #394497, #428372, #452878, #486696\n ID: 201311-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Zabbix, possibly leading to\nSQL injection attacks, Denial of Service, or information disclosure. \n\nBackground\n==========\n\nZabbix is software for monitoring applications, networks, and servers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/zabbix \u003c 2.0.9_rc1-r2 \u003e= 2.0.9_rc1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Zabbix. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker may be able to execute arbitrary SQL statements,\ncause a Denial of Service condition, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Zabbix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-analyzer/zabbix-2.0.9_rc1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1277\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277\n[ 2 ] CVE-2011-2904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904\n[ 3 ] CVE-2011-3263\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263\n[ 4 ] CVE-2011-4674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674\n[ 5 ] CVE-2012-3435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435\n[ 6 ] CVE-2013-1364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364\n[ 7 ] CVE-2013-5572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201311-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3435"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "BID",
"id": "54661"
},
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "114993"
},
{
"db": "PACKETSTORM",
"id": "116281"
},
{
"db": "PACKETSTORM",
"id": "116311"
},
{
"db": "PACKETSTORM",
"id": "124173"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3435",
"trust": 3.1
},
{
"db": "BID",
"id": "54661",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "49809",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "20087",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "84127",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/07/28/3",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/07/27/6",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "50475",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-3918",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708",
"trust": 0.8
},
{
"db": "XF",
"id": "77195",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20120727 ZABBIX SQL INJECTION FLAW (CVE REQUEST)",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20120728 RE: ZABBIX SQL INJECTION FLAW (CVE REQUEST)",
"trust": 0.6
},
{
"db": "IVD",
"id": "D67C7E64-1F5E-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "114993",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116281",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116311",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124173",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "BID",
"id": "54661"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "PACKETSTORM",
"id": "114993"
},
{
"db": "PACKETSTORM",
"id": "116281"
},
{
"db": "PACKETSTORM",
"id": "116311"
},
{
"db": "PACKETSTORM",
"id": "124173"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"id": "VAR-201208-0374",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3918"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3918"
}
]
},
"last_update_date": "2025-04-11T22:56:24.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2539",
"trust": 0.8,
"url": "http://www.debian.org/security/2012/dsa-2539"
},
{
"title": "zabbix2.0/.git/commitdiff",
"trust": 0.8,
"url": "http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54"
},
{
"title": "ZBX-5348",
"trust": 0.8,
"url": "https://support.zabbix.com/browse/ZBX-5348"
},
{
"title": "ZABBIX \u0027itemid\u0027 parameter SQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/19262"
},
{
"title": "zabbix-2.0.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.zabbix.com/browse/zbx-5348"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/54661"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2012/07/28/3"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/6"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/20087"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49809"
},
{
"trust": 1.6,
"url": "http://osvdb.org/84127"
},
{
"trust": 1.6,
"url": "http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2012/dsa-2539"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/50475"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77195"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3435"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3435"
},
{
"trust": 0.6,
"url": "http://git.zabbixzone.com/zabbix2.0/.git/commit/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54http"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843927"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/77195"
},
{
"trust": 0.3,
"url": "http://www.zabbix.com/rn2.0.1.php"
},
{
"trust": 0.3,
"url": "http://www.zabbix.com/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843928"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843929"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3435"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/20087/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49809/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49809/#comments"
},
{
"trust": 0.1,
"url": "http://git.zabbixzone.com/zabbix2.0/.git/commit/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49809"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50475"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50475/"
},
{
"trust": 0.1,
"url": "http://lists.debian.org/debian-security-announce/2012/msg00180.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50475/#comments"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4674"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3263"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3435"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201311-15.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4674"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1277"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2904"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "BID",
"id": "54661"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "PACKETSTORM",
"id": "114993"
},
{
"db": "PACKETSTORM",
"id": "116281"
},
{
"db": "PACKETSTORM",
"id": "116311"
},
{
"db": "PACKETSTORM",
"id": "124173"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "BID",
"id": "54661"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"db": "PACKETSTORM",
"id": "114993"
},
{
"db": "PACKETSTORM",
"id": "116281"
},
{
"db": "PACKETSTORM",
"id": "116311"
},
{
"db": "PACKETSTORM",
"id": "124173"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-27T00:00:00",
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"date": "2012-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"date": "2012-07-24T00:00:00",
"db": "BID",
"id": "54661"
},
{
"date": "2012-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"date": "2012-07-25T04:55:22",
"db": "PACKETSTORM",
"id": "114993"
},
{
"date": "2012-09-06T06:37:52",
"db": "PACKETSTORM",
"id": "116281"
},
{
"date": "2012-09-07T03:06:39",
"db": "PACKETSTORM",
"id": "116311"
},
{
"date": "2013-11-25T23:55:55",
"db": "PACKETSTORM",
"id": "124173"
},
{
"date": "2012-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"date": "2012-08-15T20:55:03.070000",
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"date": "2015-04-13T22:08:00",
"db": "BID",
"id": "54661"
},
{
"date": "2012-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003708"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-600"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZABBIX \u0027itemid\u0027 parameter SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3918"
},
{
"db": "BID",
"id": "54661"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "d67c7e64-1f5e-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "114993"
},
{
"db": "PACKETSTORM",
"id": "116281"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-600"
}
],
"trust": 1.0
}
}
VAR-201112-0335
Vulnerability from variot - Updated: 2025-04-11 22:56
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with a client/server (CS) structure. Because the application fails to adequately filter user-provided data before using it in SQL queries, an attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. ZABBIX versions 1.8.3 and 1.8.4 are vulnerable.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201311-15
http://security.gentoo.org/
Severity: Normal
Title: Zabbix: Multiple vulnerabilities
Date: November 25, 2013
Bugs: #312875, #394497, #428372, #452878, #486696
ID: 201311-15
Synopsis
Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure.
Background
Zabbix is software for monitoring applications, networks, and servers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/zabbix < 2.0.9_rc1-r2 >= 2.0.9_rc1-r2
Description
Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Zabbix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-analyzer/zabbix-2.0.9_rc1-r2"
References
[ 1 ] CVE-2010-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277
[ 2 ] CVE-2011-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904
[ 3 ] CVE-2011-3263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263
[ 4 ] CVE-2011-4674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674
[ 5 ] CVE-2012-3435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435
[ 6 ] CVE-2013-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364
[ 7 ] CVE-2013-5572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201311-15.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zabbix",
"scope": "eq",
"trust": 3.3,
"vendor": "zabbix",
"version": "1.8.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 3.3,
"vendor": "zabbix",
"version": "1.8.3"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "zabbix",
"scope": "ne",
"trust": 0.3,
"vendor": "zabbix",
"version": "1.8.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.8.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "zabbix",
"version": "1.8.4"
}
],
"sources": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "BID",
"id": "50803"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zabbix:zabbix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "M?cio Almeida de Mac?o",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-443"
}
],
"trust": 0.6
},
"cve": "CVE-2011-4674",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-4674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4674",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-4674",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with CS structure. Because applications fail to adequately filter user-provided data before being used in SQL queries, an attacker can exploit a vulnerability to compromise an application, access or modify data, or exploit potential vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nZABBIX versions 1.8.3 and 1.8.4 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201311-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Zabbix: Multiple vulnerabilities\n Date: November 25, 2013\n Bugs: #312875, #394497, #428372, #452878, #486696\n ID: 201311-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Zabbix, possibly leading to\nSQL injection attacks, Denial of Service, or information disclosure. \n\nBackground\n==========\n\nZabbix is software for monitoring applications, networks, and servers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/zabbix \u003c 2.0.9_rc1-r2 \u003e= 2.0.9_rc1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Zabbix. Please review\nthe CVE identifiers referenced below for details. 
\n\nImpact\n======\n\nA remote attacker may be able to execute arbitrary SQL statements,\ncause a Denial of Service condition, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Zabbix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-analyzer/zabbix-2.0.9_rc1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1277\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277\n[ 2 ] CVE-2011-2904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904\n[ 3 ] CVE-2011-3263\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263\n[ 4 ] CVE-2011-4674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674\n[ 5 ] CVE-2012-3435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435\n[ 6 ] CVE-2013-1364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364\n[ 7 ] CVE-2013-5572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201311-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4674"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "BID",
"id": "50803"
},
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "124173"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "50803",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2011-4674",
"trust": 3.0
},
{
"db": "EXPLOIT-DB",
"id": "18155",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5067",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-443",
"trust": 0.6
},
{
"db": "XF",
"id": "71479",
"trust": 0.6
},
{
"db": "IVD",
"id": "CCC54B70-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "124173",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "BID",
"id": "50803"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "PACKETSTORM",
"id": "124173"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"id": "VAR-201112-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5067"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5067"
}
]
},
"last_update_date": "2025-04-11T22:56:24.183000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZBX-4385",
"trust": 0.8,
"url": "https://support.zabbix.com/browse/ZBX-4385"
},
{
"title": "ZABBIX \u0027only_hostid\u0027 parameter SQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/6037"
},
{
"title": "zabbix-1.8.9",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41938"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/50803"
},
{
"trust": 1.6,
"url": "https://support.zabbix.com/browse/zbx-4385"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/18155"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4674"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4674"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/71479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4674"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3263"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3435"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201311-15.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4674"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1277"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3435"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "PACKETSTORM",
"id": "124173"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "BID",
"id": "50803"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"db": "PACKETSTORM",
"id": "124173"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-25T00:00:00",
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50803"
},
{
"date": "2011-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"date": "2013-11-25T23:55:55",
"db": "PACKETSTORM",
"id": "124173"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"date": "2011-12-02T18:55:02.967000",
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"date": "2015-04-13T21:58:00",
"db": "BID",
"id": "50803"
},
{
"date": "2011-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003195"
},
{
"date": "2011-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-017"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZABBIX \u0027only_hostid\u0027 parameter SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5067"
},
{
"db": "BID",
"id": "50803"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-443"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-017"
}
],
"trust": 1.4
}
}
VAR-201112-0115
Vulnerability from variot - Updated: 2025-04-11 22:53Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Zabbix is a CS network distributed network monitoring system. The gname variable is not properly filtered when creating users and host groups. The following URL can cause persistent XSS attacks: URL: hostgroups.php usergrps.php Affected Parameters: gname Method: POST Injection: \"alert( 'XSS') Persists in: http://test/zabbix/hostgroups.php http://test/zabbix/users.php http://test/zabbix/hosts.php?form=update. ZABBIX is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible. ZABBIX 1.8.5 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Zabbix Two Script Insertion Vulnerabilities
SECUNIA ADVISORY ID: SA47216
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47216/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47216
RELEASE DATE: 2011-12-16
DISCUSS ADVISORY: http://secunia.com/advisories/47216/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47216/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47216
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Zabbix, which can be exploited by malicious users to conduct script insertion attacks.
Successful exploitation of this vulnerability requires access rights to modify "host group" names.
2) Certain unspecified input to the profiler is not properly sanitised before being used.
The vulnerabilities are reported in version 1.8.5.
SOLUTION: Fixed in version 1.8.10rc.
PROVIDED AND/OR DISCOVERED BY: 1) Martina Matari within a Zabbix bug report. 2) Reported by the vendor.
ORIGINAL ADVISORY: Zabbix: http://www.zabbix.com/rn1.8.10rc1.php https://support.zabbix.com/browse/ZBX-4015
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches; use only those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zabbix",
"scope": "eq",
"trust": 1.9,
"vendor": "zabbix",
"version": "1.8.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.6,
"vendor": "zabbix",
"version": "1.4.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.9"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.10"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.9"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.2"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.6"
},
{
"model": "zabbix",
"scope": "lte",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.10"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.8"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.4"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.6.3"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.5.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.3.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.1.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.7.1"
},
{
"model": "zabbix",
"scope": "eq",
"trust": 1.0,
"vendor": "zabbix",
"version": "1.8.4"
},
{
"model": "zabbix",
"scope": "lt",
"trust": 0.8,
"vendor": "zabbix",
"version": "1.8.10"
},
{
"model": "1.8.10rc",
"scope": "ne",
"trust": 0.3,
"vendor": "zabbix",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"db": "BID",
"id": "51093"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zabbix:zabbix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martina Matari and Zabbix",
"sources": [
{
"db": "BID",
"id": "51093"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-354"
}
],
"trust": 0.9
},
"cve": "CVE-2011-5027",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-5027",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5027",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-5027",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-481",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Zabbix is a CS network distributed network monitoring system. The gname variable is not properly filtered when creating users and host groups. The following URL can cause persistent XSS attacks: URL: hostgroups.php usergrps.php Affected Parameters: gname Method: POST Injection: \\\"\u003c/options\u003e\u003cscript\u003ealert( \u0027XSS\u0027)\u003c/script\u003e Persists in: http://test/zabbix/hostgroups.php http://test/zabbix/users.php http://test/zabbix/hosts.php?form=update. ZABBIX is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible. \nZABBIX 1.8.5 is vulnerable; other versions may also be affected. 
----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nZabbix Two Script Insertion Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47216\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47216/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47216\n\nRELEASE DATE:\n2011-12-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47216/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47216/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47216\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Zabbix, which can be\nexploited by malicious users to conduct script insertion attacks. \n\nSuccessful exploitation of this vulnerability requires access rights\nto modify \"host group\" names. \n\n2) Certain unspecified input to the profiler is not properly\nsanitised before being used. \n\nThe vulnerabilities are reported in version 1.8.5. \n\nSOLUTION:\nFixed in version 1.8.10rc. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Martina Matari within a Zabbix bug report. \n2) Reported by the vendor. 
\n\nORIGINAL ADVISORY:\nZabbix:\nhttp://www.zabbix.com/rn1.8.10rc1.php\nhttps://support.zabbix.com/browse/ZBX-4015\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5027"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"db": "BID",
"id": "51093"
},
{
"db": "PACKETSTORM",
"id": "107954"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5027",
"trust": 2.7
},
{
"db": "BID",
"id": "51093",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "47216",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "77772",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5355",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201112-354",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "107954",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"db": "BID",
"id": "51093"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "PACKETSTORM",
"id": "107954"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-354"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"id": "VAR-201112-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
}
]
},
"last_update_date": "2025-04-11T22:53:52.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZBX-4015",
"trust": 0.8,
"url": "https://support.zabbix.com/browse/ZBX-4015"
},
{
"title": "ZABBIX has multiple patches for HTML injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/6377"
},
{
"title": "zabbix-1.8.10",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42237"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://support.zabbix.com/browse/zbx-4015"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/51093"
},
{
"trust": 1.6,
"url": "http://www.zabbix.com/rn1.8.10.php"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/47216"
},
{
"trust": 1.6,
"url": "http://osvdb.org/77772"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-january/071687.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-january/071660.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5027"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5027"
},
{
"trust": 0.4,
"url": "http://www.zabbix.com/rn1.8.10rc1.php"
},
{
"trust": 0.3,
"url": "http://www.zabbix.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47216/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47216"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47216/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"db": "BID",
"id": "51093"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "PACKETSTORM",
"id": "107954"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-354"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"db": "BID",
"id": "51093"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"db": "PACKETSTORM",
"id": "107954"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-354"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"date": "2011-12-16T00:00:00",
"db": "BID",
"id": "51093"
},
{
"date": "2012-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"date": "2011-12-16T04:27:38",
"db": "PACKETSTORM",
"id": "107954"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-354"
},
{
"date": "2011-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"date": "2011-12-29T22:55:01.203000",
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5355"
},
{
"date": "2015-04-16T17:49:00",
"db": "BID",
"id": "51093"
},
{
"date": "2012-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003584"
},
{
"date": "2011-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-354"
},
{
"date": "2011-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-481"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-5027"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-354"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zabbix Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003584"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-481"
}
],
"trust": 0.6
}
}