Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-36469 (GCVE-0-2024-36469)
Vulnerability from cvelistv5 – Published: 2025-04-02 06:11 – Updated: 2025-11-03 19:30
VLAI
EPSS
Title
User enumeration via timing attack in Zabbix web interface
Summary
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
Severity
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
1 reference
Impacted products
Credits
Zabbix wants to thank Jens Just Iversen (jensji) for submitting this report on the HackerOne bug bounty platform
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:00:32.104539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:07:02.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:06.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Zabbix web interface",
"Zabbix API"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "5.0.46rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.45",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.0.38rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.37",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.9rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.3rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Jens Just Iversen (jensji) for submitting this report on the HackerOne bug bounty platform"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eExecution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one."
}
],
"impacts": [
{
"capecId": "CAPEC-462",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-462: Cross-Domain Search Timing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T06:11:55.000Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26255"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User enumeration via timing attack in Zabbix web interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2024-36469",
"datePublished": "2025-04-02T06:11:55.000Z",
"dateReserved": "2024-05-28T11:21:24.947Z",
"dateUpdated": "2025-11-03T19:30:06.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-36469",
"date": "2026-05-26",
"epss": "0.00121",
"percentile": "0.30509"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36469\",\"sourceIdentifier\":\"security@zabbix.com\",\"published\":\"2025-04-02T07:15:40.147\",\"lastModified\":\"2025-11-03T20:16:14.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.\"},{\"lang\":\"es\",\"value\":\"El tiempo de ejecuci\u00f3n de un inicio de sesi\u00f3n fallido difiere cuando se utiliza un nombre de usuario inexistente en comparaci\u00f3n con el uso de uno existente.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-208\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.46\",\"matchCriteriaId\":\"D9D57D87-7684-4BF9-AB1E-C86ACF6BC2F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.38\",\"matchCriteriaId\":\"929F76B0-687E-4A4A-B4D9-D39CAC0FEFAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.9\",\"matchCriteriaId\":\"62B11380-796B-4BB7-97C5-31E5F4E997FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.3\",\"matchCriteriaId\":\"CBB5F294-AB64-4047-A1C6-2C3ACF3251B3\"}]}]}],\"references\":[{\"url\":\"https://support.zabbix.com/browse/ZBX-26255\",\"source\":\"security@zabbix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36469\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-02T15:00:32.104539Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-02T15:01:06.078Z\"}}], \"cna\": {\"title\": \"User enumeration via timing attack in Zabbix web interface\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Zabbix wants to thank Jens Just Iversen (jensji) for submitting this report on the HackerOne bug bounty platform\"}], \"impacts\": [{\"capecId\": \"CAPEC-462\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-462: Cross-Domain Search Timing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://git.zabbix.com/\", \"vendor\": \"Zabbix\", \"modules\": [\"Zabbix web interface\", \"Zabbix API\"], \"product\": \"Zabbix\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"5.0.46rc1\", \"status\": \"unaffected\"}], \"version\": \"5.0.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"5.0.45\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"6.0.38rc1\", \"status\": \"unaffected\"}], \"version\": \"6.0.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"6.0.37\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"7.0.9rc1\", \"status\": \"unaffected\"}], \"version\": \"7.0.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"7.0.8\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"7.2.3rc1\", \"status\": \"unaffected\"}], \"version\": \"7.2.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"7.2.2\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.zabbix.com/browse/ZBX-26255\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003eExecution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.\u003c/div\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-208\", \"description\": \"CWE-208: Observable Timing Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"72de3e22-0555-4a0d-ae81-9249e0f0a1e8\", \"shortName\": \"Zabbix\", \"dateUpdated\": \"2025-04-02T06:11:55.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-36469\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T15:07:02.718Z\", \"dateReserved\": \"2024-05-28T11:21:24.947Z\", \"assignerOrgId\": \"72de3e22-0555-4a0d-ae81-9249e0f0a1e8\", \"datePublished\": \"2025-04-02T06:11:55.000Z\", \"assignerShortName\": \"Zabbix\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0260
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Zabbix. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zabbix versions 6.0.x ant\u00e9rieures \u00e0 6.0.39rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.10rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.4rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 5.0.x ant\u00e9rieures \u00e0 5.0.46rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36465"
},
{
"name": "CVE-2024-42325",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42325"
},
{
"name": "CVE-2024-45700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45700"
},
{
"name": "CVE-2024-45699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45699"
},
{
"name": "CVE-2024-36469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36469"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0260",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26257",
"url": "https://support.zabbix.com/browse/ZBX-26257"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26258",
"url": "https://support.zabbix.com/browse/ZBX-26258"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26255",
"url": "https://support.zabbix.com/browse/ZBX-26255"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26254",
"url": "https://support.zabbix.com/browse/ZBX-26254"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26253",
"url": "https://support.zabbix.com/browse/ZBX-26253"
}
]
}
CERTFR-2025-AVI-0260
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Zabbix. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zabbix versions 6.0.x ant\u00e9rieures \u00e0 6.0.39rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.10rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.4rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 5.0.x ant\u00e9rieures \u00e0 5.0.46rc1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36465"
},
{
"name": "CVE-2024-42325",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42325"
},
{
"name": "CVE-2024-45700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45700"
},
{
"name": "CVE-2024-45699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45699"
},
{
"name": "CVE-2024-36469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36469"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0260",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26257",
"url": "https://support.zabbix.com/browse/ZBX-26257"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26258",
"url": "https://support.zabbix.com/browse/ZBX-26258"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26255",
"url": "https://support.zabbix.com/browse/ZBX-26255"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26254",
"url": "https://support.zabbix.com/browse/ZBX-26254"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-26253",
"url": "https://support.zabbix.com/browse/ZBX-26253"
}
]
}
BDU:2025-07164
Vulnerability from fstec - Published: 01.04.2025
VLAI
Title
Уязвимость сервера универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость сервера универсальной системы мониторинга Zabbix связана с манипулированием неизвестным входом приводящее к уязвимости несоответствия времени. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity
Vendor
ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Zabbix LLC.
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), АЛЬТ СП 10, Zabbix
Software Version
7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (АЛЬТ СП 10), 1.8 (Astra Linux Special Edition), от 5.0.0 до 5.0.45 включительно (Zabbix), от 6.0.0 до 6.0.37 включительно (Zabbix), от 7.0.0 до 7.0.8 включительно (Zabbix), от 7.2.0 до 7.2.2 включительно (Zabbix), 3.8 (Astra Linux Special Edition)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Zabbix:
https://support.zabbix.com/browse/ZBX-26255
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Для ОС Astra Linux:
обновить пакет zabbix до 1:7.0.10+dfsg-2.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18
Для ОС Astra Linux:
обновить пакет zabbix до 1:7.0.10+dfsg-2astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
Для ОС Astra Linux:
обновить пакет zabbix до 1:7.0.10+dfsg-2astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47
Для ОС Astra Linux:
обновить пакет zabbix до 1:7.0.10+dfsg-2+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
Для ОС Astra Linux:
обновить пакет zabbix до 1:7.0.10+dfsg-2+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
Reference
https://redos.red-soft.ru/support/secure/
https://support.zabbix.com/browse/ZBX-26255
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE74
https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
CWE
CWE-208
{
"CVSS 2.0": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Zabbix LLC.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 1.8 (Astra Linux Special Edition), \u043e\u0442 5.0.0 \u0434\u043e 5.0.45 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zabbix), \u043e\u0442 6.0.0 \u0434\u043e 6.0.37 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zabbix), \u043e\u0442 7.0.0 \u0434\u043e 7.0.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zabbix), \u043e\u0442 7.2.0 \u0434\u043e 7.2.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zabbix), 3.8 (Astra Linux Special Edition)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Zabbix:\nhttps://support.zabbix.com/browse/ZBX-26255\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:7.0.10+dfsg-2.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:7.0.10+dfsg-2astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:7.0.10+dfsg-2astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:7.0.10+dfsg-2+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:7.0.10+dfsg-2+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.06.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-07164",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-36469",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041b\u042c\u0422 \u0421\u041f 10, Zabbix",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 3.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Zabbix, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0423\u0442\u0435\u0447\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u0438\u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0439 (CWE-208)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Zabbix \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u0432\u0445\u043e\u0434\u043e\u043c \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0435 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://support.zabbix.com/browse/ZBX-26255\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE74\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-208",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,8)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,1)"
}
FKIE_CVE-2024-36469
Vulnerability from fkie_nvd - Published: 2025-04-02 07:15 - Updated: 2025-11-03 20:16
Severity
Summary
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D57D87-7684-4BF9-AB1E-C86ACF6BC2F2",
"versionEndExcluding": "5.0.46",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "929F76B0-687E-4A4A-B4D9-D39CAC0FEFAE",
"versionEndExcluding": "6.0.38",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62B11380-796B-4BB7-97C5-31E5F4E997FE",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB5F294-AB64-4047-A1C6-2C3ACF3251B3",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one."
},
{
"lang": "es",
"value": "El tiempo de ejecuci\u00f3n de un inicio de sesi\u00f3n fallido difiere cuando se utiliza un nombre de usuario inexistente en comparaci\u00f3n con el uso de uno existente."
}
],
"id": "CVE-2024-36469",
"lastModified": "2025-11-03T20:16:14.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@zabbix.com",
"type": "Secondary"
}
]
},
"published": "2025-04-02T07:15:40.147",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-26255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-208"
}
],
"source": "security@zabbix.com",
"type": "Secondary"
}
]
}
GHSA-8W6W-PRH9-WR2J
Vulnerability from github – Published: 2025-04-02 09:30 – Updated: 2025-11-03 21:33
VLAI
Details
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
Severity
{
"affected": [],
"aliases": [
"CVE-2024-36469"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T07:15:40Z",
"severity": "LOW"
},
"details": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.",
"id": "GHSA-8w6w-prh9-wr2j",
"modified": "2025-11-03T21:33:27Z",
"published": "2025-04-02T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36469"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-26255"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
SUSE-SU-2026:0483-1
Vulnerability from csaf_suse - Published: 2026-02-12 16:34 - Updated: 2026-02-12 16:34Summary
Security update for zabbix
Severity
Low
Notes
Title of the patch: Security update for zabbix
Description of the patch: This update for zabbix fixes the following issues:
- CVE-2024-36469: Introduced clamping for mitigation of timing attacks. (bsc#1240676)
- CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get API method for users of User and Admin types. (bsc#1240678)
Patchnames: SUSE-2026-483,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-483
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for zabbix",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for zabbix fixes the following issues:\n\n- CVE-2024-36469: Introduced clamping for mitigation of timing attacks. (bsc#1240676)\n- CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get API method for users of User and Admin types. (bsc#1240678)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-483,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-483",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0483-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0483-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260483-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0483-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024148.html"
},
{
"category": "self",
"summary": "SUSE Bug 1240676",
"url": "https://bugzilla.suse.com/1240676"
},
{
"category": "self",
"summary": "SUSE Bug 1240678",
"url": "https://bugzilla.suse.com/1240678"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36469 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42325 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42325/"
}
],
"title": "Security update for zabbix",
"tracking": {
"current_release_date": "2026-02-12T16:34:19Z",
"generator": {
"date": "2026-02-12T16:34:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0483-1",
"initial_release_date": "2026-02-12T16:34:19Z",
"revision_history": [
{
"date": "2026-02-12T16:34:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-agent-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-agent-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-java-gateway-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-java-gateway-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-phpfrontend-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-phpfrontend-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-phpfrontend-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-proxy-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-proxy-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-proxy-mysql-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-proxy-postgresql-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-proxy-sqlite-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-server-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-server-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-server-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-server-mysql-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-server-mysql-4.0.12-4.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-4.0.12-4.45.1.aarch64",
"product": {
"name": "zabbix-server-postgresql-4.0.12-4.45.1.aarch64",
"product_id": "zabbix-server-postgresql-4.0.12-4.45.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-agent-4.0.12-4.45.1.i586",
"product_id": "zabbix-agent-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-java-gateway-4.0.12-4.45.1.i586",
"product_id": "zabbix-java-gateway-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-phpfrontend-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-phpfrontend-4.0.12-4.45.1.i586",
"product_id": "zabbix-phpfrontend-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-proxy-4.0.12-4.45.1.i586",
"product_id": "zabbix-proxy-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.i586",
"product_id": "zabbix-proxy-mysql-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.i586",
"product_id": "zabbix-proxy-postgresql-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.i586",
"product_id": "zabbix-proxy-sqlite-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-server-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-server-4.0.12-4.45.1.i586",
"product_id": "zabbix-server-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-server-mysql-4.0.12-4.45.1.i586",
"product_id": "zabbix-server-mysql-4.0.12-4.45.1.i586"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-4.0.12-4.45.1.i586",
"product": {
"name": "zabbix-server-postgresql-4.0.12-4.45.1.i586",
"product_id": "zabbix-server-postgresql-4.0.12-4.45.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-agent-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-agent-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-java-gateway-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-java-gateway-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-phpfrontend-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-phpfrontend-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-phpfrontend-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-proxy-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-proxy-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-proxy-mysql-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-proxy-postgresql-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-proxy-sqlite-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-server-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-server-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-server-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-server-mysql-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-server-mysql-4.0.12-4.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-4.0.12-4.45.1.ppc64le",
"product": {
"name": "zabbix-server-postgresql-4.0.12-4.45.1.ppc64le",
"product_id": "zabbix-server-postgresql-4.0.12-4.45.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-agent-4.0.12-4.45.1.s390",
"product_id": "zabbix-agent-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-java-gateway-4.0.12-4.45.1.s390",
"product_id": "zabbix-java-gateway-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-phpfrontend-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-phpfrontend-4.0.12-4.45.1.s390",
"product_id": "zabbix-phpfrontend-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-proxy-4.0.12-4.45.1.s390",
"product_id": "zabbix-proxy-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.s390",
"product_id": "zabbix-proxy-mysql-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.s390",
"product_id": "zabbix-proxy-postgresql-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.s390",
"product_id": "zabbix-proxy-sqlite-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-server-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-server-4.0.12-4.45.1.s390",
"product_id": "zabbix-server-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-server-mysql-4.0.12-4.45.1.s390",
"product_id": "zabbix-server-mysql-4.0.12-4.45.1.s390"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-4.0.12-4.45.1.s390",
"product": {
"name": "zabbix-server-postgresql-4.0.12-4.45.1.s390",
"product_id": "zabbix-server-postgresql-4.0.12-4.45.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-agent-4.0.12-4.45.1.s390x",
"product_id": "zabbix-agent-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-java-gateway-4.0.12-4.45.1.s390x",
"product_id": "zabbix-java-gateway-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-phpfrontend-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-phpfrontend-4.0.12-4.45.1.s390x",
"product_id": "zabbix-phpfrontend-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-proxy-4.0.12-4.45.1.s390x",
"product_id": "zabbix-proxy-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.s390x",
"product_id": "zabbix-proxy-mysql-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.s390x",
"product_id": "zabbix-proxy-postgresql-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.s390x",
"product_id": "zabbix-proxy-sqlite-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-server-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-server-4.0.12-4.45.1.s390x",
"product_id": "zabbix-server-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-server-mysql-4.0.12-4.45.1.s390x",
"product_id": "zabbix-server-mysql-4.0.12-4.45.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-4.0.12-4.45.1.s390x",
"product": {
"name": "zabbix-server-postgresql-4.0.12-4.45.1.s390x",
"product_id": "zabbix-server-postgresql-4.0.12-4.45.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-agent-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-agent-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-java-gateway-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-java-gateway-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-phpfrontend-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-phpfrontend-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-phpfrontend-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-proxy-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-proxy-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-proxy-mysql-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-proxy-mysql-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-proxy-postgresql-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-proxy-postgresql-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-proxy-sqlite-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-proxy-sqlite-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-server-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-server-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-server-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-server-mysql-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-server-mysql-4.0.12-4.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-4.0.12-4.45.1.x86_64",
"product": {
"name": "zabbix-server-postgresql-4.0.12-4.45.1.x86_64",
"product_id": "zabbix-server-postgresql-4.0.12-4.45.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-agent-4.0.12-4.45.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
},
"product_reference": "zabbix-agent-4.0.12-4.45.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36469"
}
],
"notes": [
{
"category": "general",
"text": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36469",
"url": "https://www.suse.com/security/cve/CVE-2024-36469"
},
{
"category": "external",
"summary": "SUSE Bug 1240676 for CVE-2024-36469",
"url": "https://bugzilla.suse.com/1240676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T16:34:19Z",
"details": "low"
}
],
"title": "CVE-2024-36469"
},
{
"cve": "CVE-2024-42325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42325"
}
],
"notes": [
{
"category": "general",
"text": "Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42325",
"url": "https://www.suse.com/security/cve/CVE-2024-42325"
},
{
"category": "external",
"summary": "SUSE Bug 1240678 for CVE-2024-42325",
"url": "https://bugzilla.suse.com/1240678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T16:34:19Z",
"details": "low"
}
],
"title": "CVE-2024-42325"
}
]
}
WID-SEC-W-2025-0671
Vulnerability from csaf_certbund - Published: 2025-03-31 22:00 - Updated: 2025-04-21 22:00Summary
Zabbix: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um beliebigen Code auszuführen, Cross-Site-Scripting-Angriffe durchzuführen, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Zabbix Zabbix <7.0.8rc2
Zabbix / Zabbix
|
<7.0.8rc2 | ||
|
Zabbix Zabbix <7.2.2rc1
Zabbix / Zabbix
|
<7.2.2rc1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <5.0.46rc1
Zabbix / Zabbix
|
<5.0.46rc1 | ||
|
Zabbix Zabbix <6.0.38rc1
Zabbix / Zabbix
|
<6.0.38rc1 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Zabbix Zabbix <7.0.9rc1
Zabbix / Zabbix
|
<7.0.9rc1 | ||
|
Zabbix Zabbix <7.2.3rc1
Zabbix / Zabbix
|
<7.2.3rc1 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <5.0.46rc1
Zabbix / Zabbix
|
<5.0.46rc1 | ||
|
Zabbix Zabbix <6.0.38rc1
Zabbix / Zabbix
|
<6.0.38rc1 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Zabbix Zabbix <7.0.9rc1
Zabbix / Zabbix
|
<7.0.9rc1 | ||
|
Zabbix Zabbix <7.2.3rc1
Zabbix / Zabbix
|
<7.2.3rc1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <6.0.37rc1
Zabbix / Zabbix
|
<6.0.37rc1 | ||
|
Zabbix Zabbix <6.4.21rc1
Zabbix / Zabbix
|
<6.4.21rc1 | ||
|
Zabbix Zabbix <7.0.7rc1
Zabbix / Zabbix
|
<7.0.7rc1 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Zabbix Zabbix <6.0.39rc1
Zabbix / Zabbix
|
<6.0.39rc1 | ||
|
Zabbix Zabbix <7.0.10rc1
Zabbix / Zabbix
|
<7.0.10rc1 | ||
|
Zabbix Zabbix <7.2.4rc1
Zabbix / Zabbix
|
<7.2.4rc1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
15 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um beliebigen Code auszuf\u00fchren, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0671 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0671.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0671 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0671"
},
{
"category": "external",
"summary": "Zabbix Security Advisory ZBX-26253 vom 2025-03-31",
"url": "https://support.zabbix.com/browse/ZBX-26253"
},
{
"category": "external",
"summary": "Zabbix Security Advisory ZBX-26254 vom 2025-03-31",
"url": "https://support.zabbix.com/browse/ZBX-26254"
},
{
"category": "external",
"summary": "Zabbix Security Advisory ZBX-26255 vom 2025-03-31",
"url": "https://support.zabbix.com/browse/ZBX-26255"
},
{
"category": "external",
"summary": "Zabbix Security Advisory ZBX-26257 vom 2025-03-31",
"url": "https://support.zabbix.com/browse/ZBX-26257"
},
{
"category": "external",
"summary": "Zabbix Security Advisory ZBX-26258 vom 2025-03-31",
"url": "https://support.zabbix.com/browse/ZBX-26258"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-700A59E277 vom 2025-04-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-700a59e277"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-01E745CB85 vom 2025-04-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-01e745cb85"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-77875BE662 vom 2025-04-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-77875be662"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-80A466F7F5 vom 2025-04-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-80a466f7f5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D4263EF3EF vom 2025-04-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d4263ef3ef"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-A7A06A72C8 vom 2025-04-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-a7a06a72c8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-C997801CC7 vom 2025-04-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c997801cc7"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4131 vom 2025-04-19",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html"
}
],
"source_lang": "en-US",
"title": "Zabbix: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-21T22:00:00.000+00:00",
"generator": {
"date": "2025-04-22T08:39:26.580+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0671",
"initial_release_date": "2025-03-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.39rc1",
"product": {
"name": "Zabbix Zabbix \u003c6.0.39rc1",
"product_id": "T042245"
}
},
{
"category": "product_version",
"name": "6.0.39rc1",
"product": {
"name": "Zabbix Zabbix 6.0.39rc1",
"product_id": "T042245-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.0.39rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.10rc1",
"product": {
"name": "Zabbix Zabbix \u003c7.0.10rc1",
"product_id": "T042246"
}
},
{
"category": "product_version",
"name": "7.0.10rc1",
"product": {
"name": "Zabbix Zabbix 7.0.10rc1",
"product_id": "T042246-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.0.10rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.4rc1",
"product": {
"name": "Zabbix Zabbix \u003c7.2.4rc1",
"product_id": "T042247"
}
},
{
"category": "product_version",
"name": "7.2.4rc1",
"product": {
"name": "Zabbix Zabbix 7.2.4rc1",
"product_id": "T042247-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.2.4rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.37rc1",
"product": {
"name": "Zabbix Zabbix \u003c6.0.37rc1",
"product_id": "T042248"
}
},
{
"category": "product_version",
"name": "6.0.37rc1",
"product": {
"name": "Zabbix Zabbix 6.0.37rc1",
"product_id": "T042248-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.0.37rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.21rc1",
"product": {
"name": "Zabbix Zabbix \u003c6.4.21rc1",
"product_id": "T042249"
}
},
{
"category": "product_version",
"name": "6.4.21rc1",
"product": {
"name": "Zabbix Zabbix 6.4.21rc1",
"product_id": "T042249-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.4.21rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.7rc1",
"product": {
"name": "Zabbix Zabbix \u003c7.0.7rc1",
"product_id": "T042250"
}
},
{
"category": "product_version",
"name": "7.0.7rc1",
"product": {
"name": "Zabbix Zabbix 7.0.7rc1",
"product_id": "T042250-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.0.7rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.46rc1",
"product": {
"name": "Zabbix Zabbix \u003c5.0.46rc1",
"product_id": "T042251"
}
},
{
"category": "product_version",
"name": "5.0.46rc1",
"product": {
"name": "Zabbix Zabbix 5.0.46rc1",
"product_id": "T042251-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:5.0.46rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.38rc1",
"product": {
"name": "Zabbix Zabbix \u003c6.0.38rc1",
"product_id": "T042252"
}
},
{
"category": "product_version",
"name": "6.0.38rc1",
"product": {
"name": "Zabbix Zabbix 6.0.38rc1",
"product_id": "T042252-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.0.38rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.9rc1",
"product": {
"name": "Zabbix Zabbix \u003c7.0.9rc1",
"product_id": "T042253"
}
},
{
"category": "product_version",
"name": "7.0.9rc1",
"product": {
"name": "Zabbix Zabbix 7.0.9rc1",
"product_id": "T042253-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.0.9rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.3rc1",
"product": {
"name": "Zabbix Zabbix \u003c7.2.3rc1",
"product_id": "T042254"
}
},
{
"category": "product_version",
"name": "7.2.3rc1",
"product": {
"name": "Zabbix Zabbix 7.2.3rc1",
"product_id": "T042254-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.2.3rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.8rc2",
"product": {
"name": "Zabbix Zabbix \u003c7.0.8rc2",
"product_id": "T042255"
}
},
{
"category": "product_version",
"name": "7.0.8rc2",
"product": {
"name": "Zabbix Zabbix 7.0.8rc2",
"product_id": "T042255-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.0.8rc2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.2rc1",
"product": {
"name": "Zabbix Zabbix \u003c7.2.2rc1",
"product_id": "T042256"
}
},
{
"category": "product_version",
"name": "7.2.2rc1",
"product": {
"name": "Zabbix Zabbix 7.2.2rc1",
"product_id": "T042256-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.2.2rc1"
}
}
}
],
"category": "product_name",
"name": "Zabbix"
}
],
"category": "vendor",
"name": "Zabbix"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36465",
"product_status": {
"known_affected": [
"T042255",
"T042256",
"2951",
"74185"
]
},
"release_date": "2025-03-31T22:00:00.000+00:00",
"title": "CVE-2024-36465"
},
{
"cve": "CVE-2024-36469",
"product_status": {
"known_affected": [
"2951",
"T042251",
"T042252",
"74185",
"T042253",
"T042254"
]
},
"release_date": "2025-03-31T22:00:00.000+00:00",
"title": "CVE-2024-36469"
},
{
"cve": "CVE-2024-42325",
"product_status": {
"known_affected": [
"2951",
"T042251",
"T042252",
"74185",
"T042253",
"T042254"
]
},
"release_date": "2025-03-31T22:00:00.000+00:00",
"title": "CVE-2024-42325"
},
{
"cve": "CVE-2024-45699",
"product_status": {
"known_affected": [
"2951",
"T042248",
"T042249",
"T042250",
"74185"
]
},
"release_date": "2025-03-31T22:00:00.000+00:00",
"title": "CVE-2024-45699"
},
{
"cve": "CVE-2024-45700",
"product_status": {
"known_affected": [
"T042245",
"T042246",
"T042247",
"2951",
"74185"
]
},
"release_date": "2025-03-31T22:00:00.000+00:00",
"title": "CVE-2024-45700"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…