CVE-2022-24349 (GCVE-0-2022-24349)
Vulnerability from cvelistv5
- CWE-79 - Cross-site Scripting (XSS)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:07:02.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "name": "FEDORA-2022-5fab125c08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/" }, { "name": "FEDORA-2022-d714c0d39c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/" }, { "name": "FEDORA-2022-19a9053f17", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/" }, { "name": "[debian-lts-announce] 20220412 [SECURITY] [DLA 2980-1] zabbix security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Frontend", "vendor": "Zabbix", "versions": [ { "status": "affected", "version": "4.0.0-4.0.38" }, { "status": "affected", "version": "5.0.0-5.0.20" }, { "status": "affected", "version": "5.4.0-5.4.10" }, { "status": "affected", "version": "6.0" }, { "lessThan": "unspecified", "status": "unaffected", "version": "4.0.39rc1", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unaffected", "version": "5.0.21rc1", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unaffected", "version": "5.4.11rc1", 
"versionType": "custom" }, { "lessThan": "unspecified", "status": "unaffected", "version": "6.0.1rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "internal research" } ], "datePublic": "2022-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-12T00:00:00", "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix" }, "references": [ { "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "name": "FEDORA-2022-5fab125c08", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/" }, { "name": "FEDORA-2022-d714c0d39c", "tags": [ "vendor-advisory" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/" }, { "name": "FEDORA-2022-19a9053f17", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/" }, { "name": "[debian-lts-announce] 20220412 [SECURITY] [DLA 2980-1] zabbix security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ], "solutions": [ { "lang": "en", "value": "To remediate this vulnerability, apply the updates" } ], "source": { "discovery": "INTERNAL" }, "title": "Reflected XSS in action configuration window of Zabbix Frontend", "workarounds": [ { "lang": "en", "value": "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the actionconf.php page of Zabbix Frontend and contain suspicious parameters with special symbols. If you have clicked on the suspicious link, do not fill out the opened form." 
} ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "assignerShortName": "Zabbix", "cveId": "CVE-2022-24349", "datePublished": "2022-03-09T19:30:26.724288Z", "dateReserved": "2022-02-02T00:00:00", "dateUpdated": "2024-09-16T18:45:12.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-24349\",\"sourceIdentifier\":\"security@zabbix.com\",\"published\":\"2022-03-09T20:15:08.563\",\"lastModified\":\"2024-11-21T06:50:13.607\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.\"},{\"lang\":\"es\",\"value\":\"Un usuario autenticado puede crear un enlace con carga \u00fatil XSS reflejada para las p\u00e1ginas de acciones, y enviarlo a otros usuarios. El c\u00f3digo malicioso tiene acceso a todos los mismos objetos que el resto de la p\u00e1gina web y puede realizar modificaciones arbitrarias en el contenido de la p\u00e1gina que se muestra a la v\u00edctima. 
Este ataque puede ser implementado con la ayuda de la ingenier\u00eda social y la expiraci\u00f3n de una serie de factores - un atacante debe tener acceso autorizado al Zabbix Frontend y permitir la conexi\u00f3n de red entre un servidor malicioso y el ordenador de la v\u00edctima, entender la infraestructura atacada, ser reconocido por la v\u00edctima como un administrador y utilizar el canal de comunicaci\u00f3n de confianza\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInte
ractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.38\",\"matchCriteriaId\":\"708A44D7-726F-4D4A-BB10-3B926689CA07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.0.20\",\"matchCriteriaId\":\"BE339A00-AE42-4A9E-9B1B-D5D120BE0512\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndIncluding\":\"5.4.10\",\"matchCriteriaId\":\"1DF7E86D-391F-4E99-9F16-4C0A98C87D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:frontend:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A4F9FB-A20A-4AB0-A502-8526FD992FF2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html\",\"source\":\"security@zabbix.com\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\",\"source\":\"security@zabbix.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/\",\"source\":\"security@zabbix.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/\",\"source\":\"security@zabbix.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/\",\"source\":\"security@zabbix.com\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-20680\",\"source\":\"security@zabbix.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-20680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}" } }
gsd-2022-24349
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-24349", "description": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users.\nMalicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.", "id": "GSD-2022-24349", "references": [ "https://www.suse.com/security/cve/CVE-2022-24349.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-24349" ], "details": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. 
This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.", "id": "GSD-2022-24349", "modified": "2023-12-13T01:19:43.033479Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "AKA": "ZBV-2022-01-1", "ASSIGNER": "security@zabbix.com", "DATE_PUBLIC": "2022-02-01T08:05:00.000Z", "ID": "CVE-2022-24349", "STATE": "PUBLIC", "TITLE": "Reflected XSS in action configuration window of Zabbix Frontend" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Frontend", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.0.0-4.0.38" }, { "version_affected": "=", "version_value": "5.0.0-5.0.20" }, { "version_affected": "=", "version_value": "5.4.0-5.4.10" }, { "version_affected": "=", "version_value": "6.0" }, { "version_affected": "!\u003e=", "version_value": "4.0.39rc1" }, { "version_affected": "!\u003e=", "version_value": "5.0.21rc1" }, { "version_affected": "!\u003e=", "version_value": "5.4.11rc1" }, { "version_affected": "!\u003e=", "version_value": "6.0.1rc1" } ] } } ] }, "vendor_name": "Zabbix" } ] } }, "credit": [ { "lang": "eng", "value": "internal research" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. 
This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.zabbix.com/browse/ZBX-20680", "refsource": "MISC", "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "name": "FEDORA-2022-5fab125c08", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/" }, { "name": "FEDORA-2022-d714c0d39c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/" }, { "name": "FEDORA-2022-19a9053f17", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/" }, { "name": "[debian-lts-announce] 20220412 [SECURITY] [DLA 2980-1] zabbix security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", 
"refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ] }, "solution": [ { "lang": "eng", "value": "To remediate this vulnerability, apply the updates" } ], "source": { "discovery": "INTERNAL" }, "work_around": [ { "lang": "eng", "value": "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the actionconf.php page of Zabbix Frontend and contain suspicious parameters with special symbols. If you have clicked on the suspicious link, do not fill out the opened form." } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.4.10", "versionStartIncluding": "5.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.20", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.0.38", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:zabbix:frontend:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@zabbix.com", "ID": "CVE-2022-24349" }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "en", "value": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "N/A", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "name": "FEDORA-2022-5fab125c08", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/" }, { "name": "FEDORA-2022-d714c0d39c", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/" }, { "name": "FEDORA-2022-19a9053f17", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/" }, { "name": "[debian-lts-announce] 20220412 [SECURITY] [DLA 2980-1] zabbix security update", "refsource": "MLIST", "tags": [ "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "refsource": "MLIST", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 2.7 } }, "lastModifiedDate": "2023-04-12T16:15Z", "publishedDate": "2022-03-09T20:15Z" } } }
WID-SEC-W-2023-0948
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "niedrig" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0948 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0948.json" }, { "category": "self", "summary": "WID-SEC-2023-0948 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0948" }, { "category": "external", "summary": "ZABBIX BUGS AND ISSUES vom 2022-03-07", "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2022-5FAB125C08 vom 2022-03-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-5fab125c08" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2022-19A9053F17 vom 2022-03-13", "url": 
"https://bodhi.fedoraproject.org/updates/FEDORA-2022-19a9053f17" }, { "category": "external", "summary": "Debian Security Advisory DLA-2980 vom 2022-04-12", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1254-1 vom 2022-04-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010744.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00014.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3909 vom 2024-10-03", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html" } ], "source_lang": "en-US", "title": "Zabbix: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting", "tracking": { "current_release_date": "2024-10-03T22:00:00.000+00:00", "generator": { "date": "2024-10-04T08:13:32.693+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2023-0948", "initial_release_date": "2022-03-07T23:00:00.000+00:00", "revision_history": [ { "date": "2022-03-07T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-03-13T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2022-04-12T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-04-19T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-10-03T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "6" } 
}, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c4.0.39rc1", "product": { "name": "Zabbix Zabbix \u003c4.0.39rc1", "product_id": "T022248" } }, { "category": "product_version", "name": "4.0.39rc1", "product": { "name": "Zabbix Zabbix 4.0.39rc1", "product_id": "T022248-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:4.0.39rc1" } } }, { "category": "product_version_range", "name": "\u003c5.0.21rc1", "product": { "name": "Zabbix Zabbix \u003c5.0.21rc1", "product_id": "T022249" } }, { "category": "product_version", "name": "5.0.21rc1", "product": { "name": "Zabbix Zabbix 5.0.21rc1", "product_id": "T022249-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:5.0.21rc1" } } }, { "category": "product_version_range", "name": "\u003c5.4.11rc1", "product": { "name": "Zabbix Zabbix \u003c5.4.11rc1", "product_id": "T022250" } }, { "category": "product_version", "name": "5.4.11rc1", "product": { "name": "Zabbix Zabbix 5.4.11rc1", "product_id": "T022250-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:5.4.11rc1" } } }, { "category": "product_version_range", "name": "\u003c6.0.1rc1", "product": { "name": "Zabbix Zabbix \u003c6.0.1rc1", "product_id": "T022251" } }, { "category": "product_version", "name": "6.0.1rc1", "product": { "name": "Zabbix Zabbix 6.0.1rc1", "product_id": "T022251-fixed", "product_identification_helper": { "cpe": 
"cpe:/a:zabbix:zabbix:6.0.1rc1" } } }, { "category": "product_version_range", "name": "\u003c6.2.0alpha1", "product": { "name": "Zabbix Zabbix \u003c6.2.0alpha1", "product_id": "T022252" } }, { "category": "product_version", "name": "6.2.0alpha1", "product": { "name": "Zabbix Zabbix 6.2.0alpha1", "product_id": "T022252-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:6.2.0alpha1" } } } ], "category": "product_name", "name": "Zabbix" } ], "category": "vendor", "name": "Zabbix" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24349", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24349" }, { "cve": "CVE-2022-24917", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24917" }, { "cve": "CVE-2022-24918", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24918" }, { "cve": "CVE-2022-24919", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24919" } ] }
wid-sec-w-2023-0948
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "niedrig" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0948 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0948.json" }, { "category": "self", "summary": "WID-SEC-2023-0948 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0948" }, { "category": "external", "summary": "ZABBIX BUGS AND ISSUES vom 2022-03-07", "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2022-5FAB125C08 vom 2022-03-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-5fab125c08" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2022-19A9053F17 vom 2022-03-13", "url": 
"https://bodhi.fedoraproject.org/updates/FEDORA-2022-19a9053f17" }, { "category": "external", "summary": "Debian Security Advisory DLA-2980 vom 2022-04-12", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1254-1 vom 2022-04-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010744.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00014.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3909 vom 2024-10-03", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html" } ], "source_lang": "en-US", "title": "Zabbix: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting", "tracking": { "current_release_date": "2024-10-03T22:00:00.000+00:00", "generator": { "date": "2024-10-04T08:13:32.693+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2023-0948", "initial_release_date": "2022-03-07T23:00:00.000+00:00", "revision_history": [ { "date": "2022-03-07T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-03-13T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2022-04-12T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-04-19T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-10-03T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "6" } 
}, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c4.0.39rc1", "product": { "name": "Zabbix Zabbix \u003c4.0.39rc1", "product_id": "T022248" } }, { "category": "product_version", "name": "4.0.39rc1", "product": { "name": "Zabbix Zabbix 4.0.39rc1", "product_id": "T022248-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:4.0.39rc1" } } }, { "category": "product_version_range", "name": "\u003c5.0.21rc1", "product": { "name": "Zabbix Zabbix \u003c5.0.21rc1", "product_id": "T022249" } }, { "category": "product_version", "name": "5.0.21rc1", "product": { "name": "Zabbix Zabbix 5.0.21rc1", "product_id": "T022249-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:5.0.21rc1" } } }, { "category": "product_version_range", "name": "\u003c5.4.11rc1", "product": { "name": "Zabbix Zabbix \u003c5.4.11rc1", "product_id": "T022250" } }, { "category": "product_version", "name": "5.4.11rc1", "product": { "name": "Zabbix Zabbix 5.4.11rc1", "product_id": "T022250-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:5.4.11rc1" } } }, { "category": "product_version_range", "name": "\u003c6.0.1rc1", "product": { "name": "Zabbix Zabbix \u003c6.0.1rc1", "product_id": "T022251" } }, { "category": "product_version", "name": "6.0.1rc1", "product": { "name": "Zabbix Zabbix 6.0.1rc1", "product_id": "T022251-fixed", "product_identification_helper": { "cpe": 
"cpe:/a:zabbix:zabbix:6.0.1rc1" } } }, { "category": "product_version_range", "name": "\u003c6.2.0alpha1", "product": { "name": "Zabbix Zabbix \u003c6.2.0alpha1", "product_id": "T022252" } }, { "category": "product_version", "name": "6.2.0alpha1", "product": { "name": "Zabbix Zabbix 6.2.0alpha1", "product_id": "T022252-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:6.2.0alpha1" } } } ], "category": "product_name", "name": "Zabbix" } ], "category": "vendor", "name": "Zabbix" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24349", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24349" }, { "cve": "CVE-2022-24917", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24917" }, { "cve": "CVE-2022-24918", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24918" }, { "cve": "CVE-2022-24919", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden im Zabbix Frontend nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T022248", "T022249", "T022250", "T022251", "T022252" ] }, "release_date": "2022-03-07T23:00:00.000+00:00", "title": "CVE-2022-24919" } ] }
cnvd-2022-22698
Vulnerability from cnvd
Title: Zabbix Frontend跨站脚本漏洞
Description:
Zabbix Frontend是美国Zabbix公司的一个监控软件前端工具。
Zabbix Frontend存在跨站脚本漏洞,经过身份验证的攻击者可利用该漏洞为图形页面创建一个带有反射Javascript代码的链接,并将其发送给其他受害者。
Severity: 低
Patch Name: Zabbix Frontend跨站脚本漏洞的补丁
Patch Description:
Zabbix Frontend是美国Zabbix公司的一个监控软件前端工具。
Zabbix Frontend存在跨站脚本漏洞,经过身份验证的攻击者可利用该漏洞为图形页面创建一个带有反射Javascript代码的链接,并将其发送给其他受害者。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://support.zabbix.com/browse/ZBX-20680
Reference: https://support.zabbix.com/browse/ZBX-20680
| Name | ['Zabbix Frontend >=4.0.0,<=4.0.38', 'Zabbix Frontend >=5.0.0,<=5.0.20', 'Zabbix Frontend >=5.4.0,<=5.4.10', 'Zabbix Frontend 6.0'] |
|---|---|
{ "cves": { "cve": { "cveNumber": "CVE-2022-24349", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-24349" } }, "description": "Zabbix Frontend\u662f\u7f8e\u56fdZabbix\u516c\u53f8\u7684\u4e00\u4e2a\u76d1\u63a7\u8f6f\u4ef6\u524d\u7aef\u5de5\u5177\u3002\n\nZabbix Frontend\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u56fe\u5f62\u9875\u9762\u521b\u5efa\u4e00\u4e2a\u5e26\u6709\u53cd\u5c04Javascript\u4ee3\u7801\u7684\u94fe\u63a5\uff0c\u5e76\u5c06\u5176\u53d1\u9001\u7ed9\u5176\u4ed6\u53d7\u5bb3\u8005\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.zabbix.com/browse/ZBX-20680", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2022-22698", "openTime": "2022-03-25", "patchDescription": "Zabbix Frontend\u662f\u7f8e\u56fdZabbix\u516c\u53f8\u7684\u4e00\u4e2a\u76d1\u63a7\u8f6f\u4ef6\u524d\u7aef\u5de5\u5177\u3002\r\n\r\nZabbix Frontend\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u56fe\u5f62\u9875\u9762\u521b\u5efa\u4e00\u4e2a\u5e26\u6709\u53cd\u5c04Javascript\u4ee3\u7801\u7684\u94fe\u63a5\uff0c\u5e76\u5c06\u5176\u53d1\u9001\u7ed9\u5176\u4ed6\u53d7\u5bb3\u8005\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Zabbix Frontend\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "Zabbix Frontend \u003e=4.0.0\uff0c\u003c=4.0.38", "Zabbix Frontend \u003e=5.0.0\uff0c\u003c=5.0.20", "Zabbix Frontend \u003e=5.4.0\uff0c\u003c=5.4.10", "Zabbix Frontend 6.0" ] }, "referenceLink": "https://support.zabbix.com/browse/ZBX-20680", "serverity": "\u4f4e", 
"submitTime": "2022-03-11", "title": "Zabbix Frontend\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e" }
opensuse-su-2024:11934-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "zabbix-agent-4.0.39-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the zabbix-agent-4.0.39-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-11934", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11934-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2022-24349 page", "url": "https://www.suse.com/security/cve/CVE-2022-24349/" } ], "title": "zabbix-agent-4.0.39-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:11934-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { 
"branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.39-1.1.aarch64", "product": { "name": "zabbix-agent-4.0.39-1.1.aarch64", "product_id": "zabbix-agent-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.39-1.1.aarch64", "product": { "name": "zabbix-java-gateway-4.0.39-1.1.aarch64", "product_id": "zabbix-java-gateway-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.39-1.1.aarch64", "product": { "name": "zabbix-phpfrontend-4.0.39-1.1.aarch64", "product_id": "zabbix-phpfrontend-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.39-1.1.aarch64", "product": { "name": "zabbix-proxy-4.0.39-1.1.aarch64", "product_id": "zabbix-proxy-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.39-1.1.aarch64", "product": { "name": "zabbix-proxy-mysql-4.0.39-1.1.aarch64", "product_id": "zabbix-proxy-mysql-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.39-1.1.aarch64", "product": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.aarch64", "product_id": "zabbix-proxy-postgresql-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.39-1.1.aarch64", "product": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.aarch64", "product_id": "zabbix-proxy-sqlite-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-4.0.39-1.1.aarch64", "product": { "name": "zabbix-server-4.0.39-1.1.aarch64", "product_id": "zabbix-server-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.39-1.1.aarch64", "product": { "name": "zabbix-server-mysql-4.0.39-1.1.aarch64", "product_id": "zabbix-server-mysql-4.0.39-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.39-1.1.aarch64", "product": { "name": 
"zabbix-server-postgresql-4.0.39-1.1.aarch64", "product_id": "zabbix-server-postgresql-4.0.39-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-agent-4.0.39-1.1.ppc64le", "product_id": "zabbix-agent-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-java-gateway-4.0.39-1.1.ppc64le", "product_id": "zabbix-java-gateway-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-phpfrontend-4.0.39-1.1.ppc64le", "product_id": "zabbix-phpfrontend-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-proxy-4.0.39-1.1.ppc64le", "product_id": "zabbix-proxy-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-proxy-mysql-4.0.39-1.1.ppc64le", "product_id": "zabbix-proxy-mysql-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.ppc64le", "product_id": "zabbix-proxy-postgresql-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.ppc64le", "product_id": "zabbix-proxy-sqlite-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-server-4.0.39-1.1.ppc64le", "product_id": "zabbix-server-4.0.39-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-server-mysql-4.0.39-1.1.ppc64le", "product_id": "zabbix-server-mysql-4.0.39-1.1.ppc64le" } }, { "category": 
"product_version", "name": "zabbix-server-postgresql-4.0.39-1.1.ppc64le", "product": { "name": "zabbix-server-postgresql-4.0.39-1.1.ppc64le", "product_id": "zabbix-server-postgresql-4.0.39-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.39-1.1.s390x", "product": { "name": "zabbix-agent-4.0.39-1.1.s390x", "product_id": "zabbix-agent-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.39-1.1.s390x", "product": { "name": "zabbix-java-gateway-4.0.39-1.1.s390x", "product_id": "zabbix-java-gateway-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.39-1.1.s390x", "product": { "name": "zabbix-phpfrontend-4.0.39-1.1.s390x", "product_id": "zabbix-phpfrontend-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.39-1.1.s390x", "product": { "name": "zabbix-proxy-4.0.39-1.1.s390x", "product_id": "zabbix-proxy-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.39-1.1.s390x", "product": { "name": "zabbix-proxy-mysql-4.0.39-1.1.s390x", "product_id": "zabbix-proxy-mysql-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.39-1.1.s390x", "product": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.s390x", "product_id": "zabbix-proxy-postgresql-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.39-1.1.s390x", "product": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.s390x", "product_id": "zabbix-proxy-sqlite-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-4.0.39-1.1.s390x", "product": { "name": "zabbix-server-4.0.39-1.1.s390x", "product_id": "zabbix-server-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.39-1.1.s390x", "product": { "name": "zabbix-server-mysql-4.0.39-1.1.s390x", "product_id": 
"zabbix-server-mysql-4.0.39-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.39-1.1.s390x", "product": { "name": "zabbix-server-postgresql-4.0.39-1.1.s390x", "product_id": "zabbix-server-postgresql-4.0.39-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.39-1.1.x86_64", "product": { "name": "zabbix-agent-4.0.39-1.1.x86_64", "product_id": "zabbix-agent-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.39-1.1.x86_64", "product": { "name": "zabbix-java-gateway-4.0.39-1.1.x86_64", "product_id": "zabbix-java-gateway-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.39-1.1.x86_64", "product": { "name": "zabbix-phpfrontend-4.0.39-1.1.x86_64", "product_id": "zabbix-phpfrontend-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.39-1.1.x86_64", "product": { "name": "zabbix-proxy-4.0.39-1.1.x86_64", "product_id": "zabbix-proxy-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.39-1.1.x86_64", "product": { "name": "zabbix-proxy-mysql-4.0.39-1.1.x86_64", "product_id": "zabbix-proxy-mysql-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.39-1.1.x86_64", "product": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.x86_64", "product_id": "zabbix-proxy-postgresql-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.39-1.1.x86_64", "product": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.x86_64", "product_id": "zabbix-proxy-sqlite-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-4.0.39-1.1.x86_64", "product": { "name": "zabbix-server-4.0.39-1.1.x86_64", "product_id": "zabbix-server-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.39-1.1.x86_64", "product": { "name": 
"zabbix-server-mysql-4.0.39-1.1.x86_64", "product_id": "zabbix-server-mysql-4.0.39-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.39-1.1.x86_64", "product": { "name": "zabbix-server-postgresql-4.0.39-1.1.x86_64", "product_id": "zabbix-server-postgresql-4.0.39-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-agent-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-agent-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.s390x" }, "product_reference": "zabbix-agent-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-agent-4.0.39-1.1.x86_64", "relates_to_product_reference": 
"openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-java-gateway-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-java-gateway-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.s390x" }, "product_reference": "zabbix-java-gateway-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-java-gateway-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-phpfrontend-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.ppc64le" }, "product_reference": 
"zabbix-phpfrontend-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.s390x" }, "product_reference": "zabbix-phpfrontend-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-phpfrontend-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-proxy-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-proxy-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.s390x" }, "product_reference": "zabbix-proxy-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.x86_64" }, "product_reference": 
"zabbix-proxy-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-proxy-mysql-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-proxy-mysql-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.s390x" }, "product_reference": "zabbix-proxy-mysql-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-proxy-mysql-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-proxy-postgresql-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE 
Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-proxy-postgresql-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.s390x" }, "product_reference": "zabbix-proxy-postgresql-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-proxy-postgresql-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-proxy-sqlite-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-proxy-sqlite-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-sqlite-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.s390x" }, "product_reference": "zabbix-proxy-sqlite-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"zabbix-proxy-sqlite-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-proxy-sqlite-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-server-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-server-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.s390x" }, "product_reference": "zabbix-server-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-server-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-mysql-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-server-mysql-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"zabbix-server-mysql-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-server-mysql-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-mysql-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.s390x" }, "product_reference": "zabbix-server-mysql-4.0.39-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-mysql-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-server-mysql-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.39-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.aarch64" }, "product_reference": "zabbix-server-postgresql-4.0.39-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.39-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.ppc64le" }, "product_reference": "zabbix-server-postgresql-4.0.39-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.39-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.s390x" }, "product_reference": "zabbix-server-postgresql-4.0.39-1.1.s390x", 
"relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.39-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.x86_64" }, "product_reference": "zabbix-server-postgresql-4.0.39-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24349", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-24349" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected XSS payload for actions\u0027 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u0027s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.s390x", 
"openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-24349", "url": "https://www.suse.com/security/cve/CVE-2022-24349" }, { "category": "external", "summary": "SUSE Bug 1196944 for CVE-2022-24349", "url": 
"https://bugzilla.suse.com/1196944" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.aarch64", "openSUSE 
Tumbleweed:zabbix-server-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.s390x", "openSUSE 
Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2022-24349" } ] }
ghsa-vv83-2f3m-pvxg
Vulnerability from github
An authenticated user can create a link with a reflected XSS payload for the actions’ pages and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. The attack relies on social engineering and on a number of conditions being met: the attacker must have authorized access to the Zabbix Frontend, a network connection must be allowed between a malicious server and the victim’s computer, and the attacker must understand the attacked infrastructure, be recognized by the victim as a trusted party, and use a trusted communication channel.
{ "affected": [], "aliases": [ "CVE-2022-24349" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-03-09T20:15:00Z", "severity": "MODERATE" }, "details": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users.\nMalicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.", "id": "GHSA-vv83-2f3m-pvxg", "modified": "2023-04-12T18:30:39Z", "published": "2022-03-10T00:00:29Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24349" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7" }, { "type": "WEB", "url": "https://support.zabbix.com/browse/ZBX-20680" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }
fkie_cve-2022-24349
Vulnerability from fkie_nvd
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Vendor | Product | Version | |
---|---|---|---|
zabbix | frontend | * | |
zabbix | frontend | * | |
zabbix | frontend | * | |
zabbix | frontend | 6.0.0 | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "matchCriteriaId": "708A44D7-726F-4D4A-BB10-3B926689CA07", "versionEndIncluding": "4.0.38", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE339A00-AE42-4A9E-9B1B-D5D120BE0512", "versionEndIncluding": "5.0.20", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7E86D-391F-4E99-9F16-4C0A98C87D08", "versionEndIncluding": "5.4.10", "versionStartIncluding": "5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zabbix:frontend:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "39A4F9FB-A20A-4AB0-A502-8526FD992FF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. 
This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel." }, { "lang": "es", "value": "Un usuario autenticado puede crear un enlace con carga \u00fatil XSS reflejada para las p\u00e1ginas de acciones, y enviarlo a otros usuarios. El c\u00f3digo malicioso tiene acceso a todos los mismos objetos que el resto de la p\u00e1gina web y puede realizar modificaciones arbitrarias en el contenido de la p\u00e1gina que se muestra a la v\u00edctima. Este ataque puede ser implementado con la ayuda de la ingenier\u00eda social y la expiraci\u00f3n de una serie de factores - un atacante debe tener acceso autorizado al Zabbix Frontend y permitir la conexi\u00f3n de red entre un servidor malicioso y el ordenador de la v\u00edctima, entender la infraestructura atacada, ser reconocido por la v\u00edctima como un administrador y utilizar el canal de comunicaci\u00f3n de confianza" } ], "id": "CVE-2022-24349", "lastModified": "2024-11-21T06:50:13.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@zabbix.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-09T20:15:08.563", "references": [ { "source": "security@zabbix.com", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "source": "security@zabbix.com", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/" }, { "source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/" }, { "source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/" }, { "source": "security@zabbix.com", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://support.zabbix.com/browse/ZBX-20680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://support.zabbix.com/browse/ZBX-20680" } ], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@zabbix.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
suse-su-2022:1254-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for zabbix", "title": "Title of the patch" }, { "category": "description", "text": "This update for zabbix fixes the following issues:\n\n- CVE-2022-24349: Fixed a reflected XSS in the action configuration window (bsc#1196944).\n- CVE-2022-24917: Fixed a reflected XSS in the service configuration window (bsc#1196945).\n- CVE-2022-24918: Fixed a reflected XSS in the item configuration window (bsc#1196946).\n- CVE-2022-24919: Fixed a reflected XSS in the graph configuration window (bsc#1196947).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2022-1254,SUSE-SLE-SERVER-12-SP5-2022-1254", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1254-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2022:1254-1", "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221254-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2022:1254-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010744.html" }, { 
"category": "self", "summary": "SUSE Bug 1196944", "url": "https://bugzilla.suse.com/1196944" }, { "category": "self", "summary": "SUSE Bug 1196945", "url": "https://bugzilla.suse.com/1196945" }, { "category": "self", "summary": "SUSE Bug 1196946", "url": "https://bugzilla.suse.com/1196946" }, { "category": "self", "summary": "SUSE Bug 1196947", "url": "https://bugzilla.suse.com/1196947" }, { "category": "self", "summary": "SUSE CVE CVE-2022-24349 page", "url": "https://www.suse.com/security/cve/CVE-2022-24349/" }, { "category": "self", "summary": "SUSE CVE CVE-2022-24917 page", "url": "https://www.suse.com/security/cve/CVE-2022-24917/" }, { "category": "self", "summary": "SUSE CVE CVE-2022-24918 page", "url": "https://www.suse.com/security/cve/CVE-2022-24918/" }, { "category": "self", "summary": "SUSE CVE CVE-2022-24919 page", "url": "https://www.suse.com/security/cve/CVE-2022-24919/" } ], "title": "Security update for zabbix", "tracking": { "current_release_date": "2022-04-19T07:12:53Z", "generator": { "date": "2022-04-19T07:12:53Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2022:1254-1", "initial_release_date": "2022-04-19T07:12:53Z", "revision_history": [ { "date": "2022-04-19T07:12:53Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-agent-4.0.12-4.15.2.aarch64", "product_id": "zabbix-agent-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-java-gateway-4.0.12-4.15.2.aarch64", "product_id": "zabbix-java-gateway-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-phpfrontend-4.0.12-4.15.2.aarch64", "product_id": 
"zabbix-phpfrontend-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-proxy-4.0.12-4.15.2.aarch64", "product_id": "zabbix-proxy-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.15.2.aarch64", "product_id": "zabbix-proxy-mysql-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.aarch64", "product_id": "zabbix-proxy-postgresql-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.aarch64", "product_id": "zabbix-proxy-sqlite-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-server-4.0.12-4.15.2.aarch64", "product_id": "zabbix-server-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-server-mysql-4.0.12-4.15.2.aarch64", "product_id": "zabbix-server-mysql-4.0.12-4.15.2.aarch64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.15.2.aarch64", "product": { "name": "zabbix-server-postgresql-4.0.12-4.15.2.aarch64", "product_id": "zabbix-server-postgresql-4.0.12-4.15.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.15.2.i586", "product": { "name": "zabbix-agent-4.0.12-4.15.2.i586", "product_id": "zabbix-agent-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.15.2.i586", "product": { "name": "zabbix-java-gateway-4.0.12-4.15.2.i586", "product_id": "zabbix-java-gateway-4.0.12-4.15.2.i586" } }, { 
"category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.15.2.i586", "product": { "name": "zabbix-phpfrontend-4.0.12-4.15.2.i586", "product_id": "zabbix-phpfrontend-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.15.2.i586", "product": { "name": "zabbix-proxy-4.0.12-4.15.2.i586", "product_id": "zabbix-proxy-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.15.2.i586", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.15.2.i586", "product_id": "zabbix-proxy-mysql-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.i586", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.i586", "product_id": "zabbix-proxy-postgresql-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.i586", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.i586", "product_id": "zabbix-proxy-sqlite-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.15.2.i586", "product": { "name": "zabbix-server-4.0.12-4.15.2.i586", "product_id": "zabbix-server-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.15.2.i586", "product": { "name": "zabbix-server-mysql-4.0.12-4.15.2.i586", "product_id": "zabbix-server-mysql-4.0.12-4.15.2.i586" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.15.2.i586", "product": { "name": "zabbix-server-postgresql-4.0.12-4.15.2.i586", "product_id": "zabbix-server-postgresql-4.0.12-4.15.2.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-agent-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-agent-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.15.2.ppc64le", "product": { "name": 
"zabbix-java-gateway-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-java-gateway-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-phpfrontend-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-phpfrontend-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-proxy-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-proxy-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-proxy-mysql-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-proxy-postgresql-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-proxy-sqlite-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-server-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-server-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-server-mysql-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-server-mysql-4.0.12-4.15.2.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.15.2.ppc64le", "product": { "name": "zabbix-server-postgresql-4.0.12-4.15.2.ppc64le", "product_id": "zabbix-server-postgresql-4.0.12-4.15.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.15.2.s390", "product": { "name": 
"zabbix-agent-4.0.12-4.15.2.s390", "product_id": "zabbix-agent-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.15.2.s390", "product": { "name": "zabbix-java-gateway-4.0.12-4.15.2.s390", "product_id": "zabbix-java-gateway-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.15.2.s390", "product": { "name": "zabbix-phpfrontend-4.0.12-4.15.2.s390", "product_id": "zabbix-phpfrontend-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.15.2.s390", "product": { "name": "zabbix-proxy-4.0.12-4.15.2.s390", "product_id": "zabbix-proxy-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.15.2.s390", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.15.2.s390", "product_id": "zabbix-proxy-mysql-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.s390", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.s390", "product_id": "zabbix-proxy-postgresql-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.s390", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.s390", "product_id": "zabbix-proxy-sqlite-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.15.2.s390", "product": { "name": "zabbix-server-4.0.12-4.15.2.s390", "product_id": "zabbix-server-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.15.2.s390", "product": { "name": "zabbix-server-mysql-4.0.12-4.15.2.s390", "product_id": "zabbix-server-mysql-4.0.12-4.15.2.s390" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.15.2.s390", "product": { "name": "zabbix-server-postgresql-4.0.12-4.15.2.s390", "product_id": "zabbix-server-postgresql-4.0.12-4.15.2.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { 
"category": "product_version", "name": "zabbix-agent-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-agent-4.0.12-4.15.2.s390x", "product_id": "zabbix-agent-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-java-gateway-4.0.12-4.15.2.s390x", "product_id": "zabbix-java-gateway-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-phpfrontend-4.0.12-4.15.2.s390x", "product_id": "zabbix-phpfrontend-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-proxy-4.0.12-4.15.2.s390x", "product_id": "zabbix-proxy-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.15.2.s390x", "product_id": "zabbix-proxy-mysql-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.s390x", "product_id": "zabbix-proxy-postgresql-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.s390x", "product_id": "zabbix-proxy-sqlite-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-server-4.0.12-4.15.2.s390x", "product_id": "zabbix-server-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-server-mysql-4.0.12-4.15.2.s390x", "product_id": "zabbix-server-mysql-4.0.12-4.15.2.s390x" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.15.2.s390x", "product": { "name": "zabbix-server-postgresql-4.0.12-4.15.2.s390x", "product_id": 
"zabbix-server-postgresql-4.0.12-4.15.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-agent-4.0.12-4.15.2.x86_64", "product_id": "zabbix-agent-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-java-gateway-4.0.12-4.15.2.x86_64", "product_id": "zabbix-java-gateway-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-phpfrontend-4.0.12-4.15.2.x86_64", "product_id": "zabbix-phpfrontend-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-proxy-4.0.12-4.15.2.x86_64", "product_id": "zabbix-proxy-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.15.2.x86_64", "product_id": "zabbix-proxy-mysql-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.15.2.x86_64", "product_id": "zabbix-proxy-postgresql-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.15.2.x86_64", "product_id": "zabbix-proxy-sqlite-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-server-4.0.12-4.15.2.x86_64", "product_id": "zabbix-server-4.0.12-4.15.2.x86_64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-server-mysql-4.0.12-4.15.2.x86_64", "product_id": "zabbix-server-mysql-4.0.12-4.15.2.x86_64" } }, { "category": 
"product_version", "name": "zabbix-server-postgresql-4.0.12-4.15.2.x86_64", "product": { "name": "zabbix-server-postgresql-4.0.12-4.15.2.x86_64", "product_id": "zabbix-server-postgresql-4.0.12-4.15.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP5", "product": { "name": "SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.s390x as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 
SP5:zabbix-agent-4.0.12-4.15.2.s390x" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.15.2.x86_64 as component of SUSE 
Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" }, "product_reference": "zabbix-agent-4.0.12-4.15.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24349", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-24349" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected XSS payload for actions\u0027 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u0027s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] }, "references": [ { "category": "external", "summary": 
"CVE-2022-24349", "url": "https://www.suse.com/security/cve/CVE-2022-24349" }, { "category": "external", "summary": "SUSE Bug 1196944 for CVE-2022-24349", "url": "https://bugzilla.suse.com/1196944" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-04-19T07:12:53Z", 
"details": "moderate" } ], "title": "CVE-2022-24349" }, { "cve": "CVE-2022-24917", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-24917" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected Javascript code inside it for services\u0027 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-24917", "url": "https://www.suse.com/security/cve/CVE-2022-24917" }, { "category": "external", "summary": "SUSE Bug 1196945 for CVE-2022-24917", "url": "https://bugzilla.suse.com/1196945" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE 
Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-04-19T07:12:53Z", "details": "moderate" } ], "title": "CVE-2022-24917" }, { "cve": "CVE-2022-24918", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-24918" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected Javascript code inside it for items\u0027 page and send it to other users. 
The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-24918", "url": "https://www.suse.com/security/cve/CVE-2022-24918" }, { "category": "external", "summary": "SUSE Bug 1196946 for CVE-2022-24918", "url": "https://bugzilla.suse.com/1196946" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-04-19T07:12:53Z", "details": "moderate" } ], "title": "CVE-2022-24918" }, { "cve": "CVE-2022-24919", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-24919" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected Javascript code inside it for graphs\u0027 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. 
Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-24919", "url": "https://www.suse.com/security/cve/CVE-2022-24919" }, { "category": "external", "summary": "SUSE Bug 1196947 for CVE-2022-24919", "url": "https://bugzilla.suse.com/1196947" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE 
Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.15.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-04-19T07:12:53Z", "details": "moderate" } ], "title": "CVE-2022-24919" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.