CVE-2022-35230 (GCVE-0-2022-35230)
Vulnerability from cvelistv5
- CWE-79 - Cross-site Scripting (XSS)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Frontend", "vendor": "Zabbix", "versions": [ { "status": "affected", "version": "4.0.0-4.0.42" }, { "status": "affected", "version": "5.0.0-5.0.24" } ] } ], "credits": [ { "lang": "en", "value": "internal research" } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-12T00:00:00", "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix" }, "references": [ { "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ], "solutions": [ { "lang": "en", "value": "To remediate this vulnerability, apply the updates" } ], "source": { "discovery": "INTERNAL" }, "title": "Reflected XSS in graphs page of Zabbix Frontend", "workarounds": [ { "lang": "en", "value": "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the graphs.php page of Zabbix Frontend and contain suspicious parameters with special symbols. 
If you have clicked on the suspicious link, do not fill out the opened form" } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "assignerShortName": "Zabbix", "cveId": "CVE-2022-35230", "datePublished": "2022-07-06T11:05:14.025474Z", "dateReserved": "2022-07-05T00:00:00", "dateUpdated": "2024-09-16T22:10:24.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-35230\",\"sourceIdentifier\":\"security@zabbix.com\",\"published\":\"2022-07-06T11:15:09.020\",\"lastModified\":\"2024-11-21T07:10:56.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.\"},{\"lang\":\"es\",\"value\":\"Un usuario autenticado puede crear un enlace con c\u00f3digo Javascript reflejado en su interior para la p\u00e1gina de gr\u00e1ficos y enviarlo a otros usuarios. 
La carga \u00fatil s\u00f3lo puede ejecutarse con un valor conocido del token CSRF de la v\u00edctima, que es cambiado peri\u00f3dicamente y es dif\u00edcil de predecir\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"
}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.25\",\"matchCriteriaId\":\"F14B0723-57AD-4B46-9C1A-E9C06C2E1716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93246229-E4FF-49BB-9BCD-01CCCD43FCD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7B52616-759E-41B3-8983-F721AF87DCA5\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\",\"source\":\"security@zabbix.com\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-21305\",\"source\":\"security@zabbix.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-21305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
gsd-2022-35230
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-35230", "description": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "id": "GSD-2022-35230", "references": [ "https://www.suse.com/security/cve/CVE-2022-35230.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-35230" ], "details": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "id": "GSD-2022-35230", "modified": "2023-12-13T01:19:33.498992Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "AKA": "ZBV-2022-04-2", "ASSIGNER": "security@zabbix.com", "DATE_PUBLIC": "2022-04-27T12:50:00.000Z", "ID": "CVE-2022-35230", "STATE": "PUBLIC", "TITLE": "Reflected XSS in graphs page of Zabbix Frontend" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Frontend", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.0.0-4.0.42" }, { "version_affected": "=", "version_value": "5.0.0-5.0.24" } ] } } ] }, "vendor_name": "Zabbix" } ] } }, "credit": [ { "lang": "eng", "value": "internal research" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. 
The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.zabbix.com/browse/ZBX-21305", "refsource": "MISC", "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ] }, "solution": [ { "lang": "eng", "value": "To remediate this vulnerability, apply the updates" } ], "source": { "discovery": "INTERNAL" }, "work_around": [ { "lang": "eng", "value": "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the graphs.php page of Zabbix Frontend and contain suspicious parameters with special symbols. 
If you have clicked on the suspicious link, do not fill out the opened form" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.25", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@zabbix.com", "ID": "CVE-2022-35230" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "N/A", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", "refsource": "MLIST", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7 } }, "lastModifiedDate": "2023-04-12T16:15Z", "publishedDate": "2022-07-06T11:15Z" } } }
opensuse-su-2024:12212-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "zabbix-agent-4.0.42-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the zabbix-agent-4.0.42-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-12212", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12212-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2022-35230 page", "url": "https://www.suse.com/security/cve/CVE-2022-35230/" } ], "title": "zabbix-agent-4.0.42-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:12212-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { 
"branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.42-1.1.aarch64", "product": { "name": "zabbix-agent-4.0.42-1.1.aarch64", "product_id": "zabbix-agent-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.42-1.1.aarch64", "product": { "name": "zabbix-java-gateway-4.0.42-1.1.aarch64", "product_id": "zabbix-java-gateway-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.42-1.1.aarch64", "product": { "name": "zabbix-phpfrontend-4.0.42-1.1.aarch64", "product_id": "zabbix-phpfrontend-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.42-1.1.aarch64", "product": { "name": "zabbix-proxy-4.0.42-1.1.aarch64", "product_id": "zabbix-proxy-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.42-1.1.aarch64", "product": { "name": "zabbix-proxy-mysql-4.0.42-1.1.aarch64", "product_id": "zabbix-proxy-mysql-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "product": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "product_id": "zabbix-proxy-postgresql-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "product": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "product_id": "zabbix-proxy-sqlite-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-4.0.42-1.1.aarch64", "product": { "name": "zabbix-server-4.0.42-1.1.aarch64", "product_id": "zabbix-server-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.42-1.1.aarch64", "product": { "name": "zabbix-server-mysql-4.0.42-1.1.aarch64", "product_id": "zabbix-server-mysql-4.0.42-1.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.42-1.1.aarch64", "product": { "name": 
"zabbix-server-postgresql-4.0.42-1.1.aarch64", "product_id": "zabbix-server-postgresql-4.0.42-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-agent-4.0.42-1.1.ppc64le", "product_id": "zabbix-agent-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-java-gateway-4.0.42-1.1.ppc64le", "product_id": "zabbix-java-gateway-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-phpfrontend-4.0.42-1.1.ppc64le", "product_id": "zabbix-phpfrontend-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-proxy-4.0.42-1.1.ppc64le", "product_id": "zabbix-proxy-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "product_id": "zabbix-proxy-mysql-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "product_id": "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "product_id": "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-server-4.0.42-1.1.ppc64le", "product_id": "zabbix-server-4.0.42-1.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-server-mysql-4.0.42-1.1.ppc64le", "product_id": "zabbix-server-mysql-4.0.42-1.1.ppc64le" } }, { "category": 
"product_version", "name": "zabbix-server-postgresql-4.0.42-1.1.ppc64le", "product": { "name": "zabbix-server-postgresql-4.0.42-1.1.ppc64le", "product_id": "zabbix-server-postgresql-4.0.42-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.42-1.1.s390x", "product": { "name": "zabbix-agent-4.0.42-1.1.s390x", "product_id": "zabbix-agent-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.42-1.1.s390x", "product": { "name": "zabbix-java-gateway-4.0.42-1.1.s390x", "product_id": "zabbix-java-gateway-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.42-1.1.s390x", "product": { "name": "zabbix-phpfrontend-4.0.42-1.1.s390x", "product_id": "zabbix-phpfrontend-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.42-1.1.s390x", "product": { "name": "zabbix-proxy-4.0.42-1.1.s390x", "product_id": "zabbix-proxy-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.42-1.1.s390x", "product": { "name": "zabbix-proxy-mysql-4.0.42-1.1.s390x", "product_id": "zabbix-proxy-mysql-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.42-1.1.s390x", "product": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.s390x", "product_id": "zabbix-proxy-postgresql-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.42-1.1.s390x", "product": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.s390x", "product_id": "zabbix-proxy-sqlite-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-4.0.42-1.1.s390x", "product": { "name": "zabbix-server-4.0.42-1.1.s390x", "product_id": "zabbix-server-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.42-1.1.s390x", "product": { "name": "zabbix-server-mysql-4.0.42-1.1.s390x", "product_id": 
"zabbix-server-mysql-4.0.42-1.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.42-1.1.s390x", "product": { "name": "zabbix-server-postgresql-4.0.42-1.1.s390x", "product_id": "zabbix-server-postgresql-4.0.42-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.42-1.1.x86_64", "product": { "name": "zabbix-agent-4.0.42-1.1.x86_64", "product_id": "zabbix-agent-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.42-1.1.x86_64", "product": { "name": "zabbix-java-gateway-4.0.42-1.1.x86_64", "product_id": "zabbix-java-gateway-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.42-1.1.x86_64", "product": { "name": "zabbix-phpfrontend-4.0.42-1.1.x86_64", "product_id": "zabbix-phpfrontend-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.42-1.1.x86_64", "product": { "name": "zabbix-proxy-4.0.42-1.1.x86_64", "product_id": "zabbix-proxy-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.42-1.1.x86_64", "product": { "name": "zabbix-proxy-mysql-4.0.42-1.1.x86_64", "product_id": "zabbix-proxy-mysql-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "product": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "product_id": "zabbix-proxy-postgresql-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "product": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "product_id": "zabbix-proxy-sqlite-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-4.0.42-1.1.x86_64", "product": { "name": "zabbix-server-4.0.42-1.1.x86_64", "product_id": "zabbix-server-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.42-1.1.x86_64", "product": { "name": 
"zabbix-server-mysql-4.0.42-1.1.x86_64", "product_id": "zabbix-server-mysql-4.0.42-1.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.42-1.1.x86_64", "product": { "name": "zabbix-server-postgresql-4.0.42-1.1.x86_64", "product_id": "zabbix-server-postgresql-4.0.42-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-agent-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-agent-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x" }, "product_reference": "zabbix-agent-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-agent-4.0.42-1.1.x86_64", "relates_to_product_reference": 
"openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-java-gateway-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-java-gateway-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x" }, "product_reference": "zabbix-java-gateway-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-java-gateway-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-java-gateway-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-phpfrontend-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le" }, "product_reference": 
"zabbix-phpfrontend-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x" }, "product_reference": "zabbix-phpfrontend-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-phpfrontend-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-phpfrontend-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-proxy-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-proxy-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x" }, "product_reference": "zabbix-proxy-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64" }, "product_reference": 
"zabbix-proxy-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-proxy-mysql-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x" }, "product_reference": "zabbix-proxy-mysql-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-mysql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-proxy-mysql-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE 
Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x" }, "product_reference": "zabbix-proxy-postgresql-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-postgresql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-proxy-sqlite-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x" }, "product_reference": "zabbix-proxy-sqlite-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"zabbix-proxy-sqlite-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-server-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-server-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x" }, "product_reference": "zabbix-server-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-server-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-mysql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-server-mysql-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"zabbix-server-mysql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-server-mysql-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-mysql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x" }, "product_reference": "zabbix-server-mysql-4.0.42-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-mysql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-server-mysql-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64" }, "product_reference": "zabbix-server-postgresql-4.0.42-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le" }, "product_reference": "zabbix-server-postgresql-4.0.42-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x" }, "product_reference": "zabbix-server-postgresql-4.0.42-1.1.s390x", 
"relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-server-postgresql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64" }, "product_reference": "zabbix-server-postgresql-4.0.42-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-35230", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-35230" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", 
"openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-35230", "url": "https://www.suse.com/security/cve/CVE-2022-35230" }, { "category": "external", "summary": "SUSE Bug 1201290 for CVE-2022-35230", "url": "https://bugzilla.suse.com/1201290" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", "openSUSE 
Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", "openSUSE 
Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "openSUSE 
Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2022-35230" } ] }
suse-su-2022:3101-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for zabbix", "title": "Title of the patch" }, { "category": "description", "text": "This update for zabbix fixes the following issues:\n\n- CVE-2022-35230: Javascript embedded in links for graphs page will be executed (bsc#1201290).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2022-3101,SUSE-SLE-SERVER-12-SP5-2022-3101", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3101-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2022:3101-1", "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223101-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2022:3101-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012111.html" }, { "category": "self", "summary": "SUSE Bug 1201290", "url": "https://bugzilla.suse.com/1201290" }, { "category": "self", "summary": "SUSE CVE CVE-2022-35230 page", "url": "https://www.suse.com/security/cve/CVE-2022-35230/" } ], "title": "Security update for 
zabbix", "tracking": { "current_release_date": "2022-09-06T07:47:57Z", "generator": { "date": "2022-09-06T07:47:57Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2022:3101-1", "initial_release_date": "2022-09-06T07:47:57Z", "revision_history": [ { "date": "2022-09-06T07:47:57Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-agent-4.0.12-4.18.1.aarch64", "product_id": "zabbix-agent-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-java-gateway-4.0.12-4.18.1.aarch64", "product_id": "zabbix-java-gateway-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-phpfrontend-4.0.12-4.18.1.aarch64", "product_id": "zabbix-phpfrontend-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-proxy-4.0.12-4.18.1.aarch64", "product_id": "zabbix-proxy-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.18.1.aarch64", "product_id": "zabbix-proxy-mysql-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.aarch64", "product_id": "zabbix-proxy-postgresql-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.aarch64", "product_id": "zabbix-proxy-sqlite-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": 
"zabbix-server-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-server-4.0.12-4.18.1.aarch64", "product_id": "zabbix-server-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-server-mysql-4.0.12-4.18.1.aarch64", "product_id": "zabbix-server-mysql-4.0.12-4.18.1.aarch64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.18.1.aarch64", "product": { "name": "zabbix-server-postgresql-4.0.12-4.18.1.aarch64", "product_id": "zabbix-server-postgresql-4.0.12-4.18.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.18.1.i586", "product": { "name": "zabbix-agent-4.0.12-4.18.1.i586", "product_id": "zabbix-agent-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.18.1.i586", "product": { "name": "zabbix-java-gateway-4.0.12-4.18.1.i586", "product_id": "zabbix-java-gateway-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.18.1.i586", "product": { "name": "zabbix-phpfrontend-4.0.12-4.18.1.i586", "product_id": "zabbix-phpfrontend-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.18.1.i586", "product": { "name": "zabbix-proxy-4.0.12-4.18.1.i586", "product_id": "zabbix-proxy-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.18.1.i586", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.18.1.i586", "product_id": "zabbix-proxy-mysql-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.i586", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.i586", "product_id": "zabbix-proxy-postgresql-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.i586", "product": { "name": 
"zabbix-proxy-sqlite-4.0.12-4.18.1.i586", "product_id": "zabbix-proxy-sqlite-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.18.1.i586", "product": { "name": "zabbix-server-4.0.12-4.18.1.i586", "product_id": "zabbix-server-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.18.1.i586", "product": { "name": "zabbix-server-mysql-4.0.12-4.18.1.i586", "product_id": "zabbix-server-mysql-4.0.12-4.18.1.i586" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.18.1.i586", "product": { "name": "zabbix-server-postgresql-4.0.12-4.18.1.i586", "product_id": "zabbix-server-postgresql-4.0.12-4.18.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-agent-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-agent-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-java-gateway-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-java-gateway-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-phpfrontend-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-phpfrontend-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-proxy-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-proxy-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-proxy-mysql-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.ppc64le", "product_id": 
"zabbix-proxy-postgresql-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-proxy-sqlite-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-server-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-server-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-server-mysql-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-server-mysql-4.0.12-4.18.1.ppc64le" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.18.1.ppc64le", "product": { "name": "zabbix-server-postgresql-4.0.12-4.18.1.ppc64le", "product_id": "zabbix-server-postgresql-4.0.12-4.18.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.18.1.s390", "product": { "name": "zabbix-agent-4.0.12-4.18.1.s390", "product_id": "zabbix-agent-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.18.1.s390", "product": { "name": "zabbix-java-gateway-4.0.12-4.18.1.s390", "product_id": "zabbix-java-gateway-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.18.1.s390", "product": { "name": "zabbix-phpfrontend-4.0.12-4.18.1.s390", "product_id": "zabbix-phpfrontend-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.18.1.s390", "product": { "name": "zabbix-proxy-4.0.12-4.18.1.s390", "product_id": "zabbix-proxy-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.18.1.s390", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.18.1.s390", "product_id": "zabbix-proxy-mysql-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": 
"zabbix-proxy-postgresql-4.0.12-4.18.1.s390", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.s390", "product_id": "zabbix-proxy-postgresql-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.s390", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.s390", "product_id": "zabbix-proxy-sqlite-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.18.1.s390", "product": { "name": "zabbix-server-4.0.12-4.18.1.s390", "product_id": "zabbix-server-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.18.1.s390", "product": { "name": "zabbix-server-mysql-4.0.12-4.18.1.s390", "product_id": "zabbix-server-mysql-4.0.12-4.18.1.s390" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.18.1.s390", "product": { "name": "zabbix-server-postgresql-4.0.12-4.18.1.s390", "product_id": "zabbix-server-postgresql-4.0.12-4.18.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-agent-4.0.12-4.18.1.s390x", "product_id": "zabbix-agent-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-java-gateway-4.0.12-4.18.1.s390x", "product_id": "zabbix-java-gateway-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-phpfrontend-4.0.12-4.18.1.s390x", "product_id": "zabbix-phpfrontend-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-proxy-4.0.12-4.18.1.s390x", "product_id": "zabbix-proxy-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-mysql-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.18.1.s390x", 
"product_id": "zabbix-proxy-mysql-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.s390x", "product_id": "zabbix-proxy-postgresql-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.s390x", "product_id": "zabbix-proxy-sqlite-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-server-4.0.12-4.18.1.s390x", "product_id": "zabbix-server-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-server-mysql-4.0.12-4.18.1.s390x", "product_id": "zabbix-server-mysql-4.0.12-4.18.1.s390x" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.18.1.s390x", "product": { "name": "zabbix-server-postgresql-4.0.12-4.18.1.s390x", "product_id": "zabbix-server-postgresql-4.0.12-4.18.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "zabbix-agent-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-agent-4.0.12-4.18.1.x86_64", "product_id": "zabbix-agent-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-java-gateway-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-java-gateway-4.0.12-4.18.1.x86_64", "product_id": "zabbix-java-gateway-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-phpfrontend-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-phpfrontend-4.0.12-4.18.1.x86_64", "product_id": "zabbix-phpfrontend-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-proxy-4.0.12-4.18.1.x86_64", "product_id": "zabbix-proxy-4.0.12-4.18.1.x86_64" } }, { "category": 
"product_version", "name": "zabbix-proxy-mysql-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-proxy-mysql-4.0.12-4.18.1.x86_64", "product_id": "zabbix-proxy-mysql-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-proxy-postgresql-4.0.12-4.18.1.x86_64", "product_id": "zabbix-proxy-postgresql-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-proxy-sqlite-4.0.12-4.18.1.x86_64", "product_id": "zabbix-proxy-sqlite-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-server-4.0.12-4.18.1.x86_64", "product_id": "zabbix-server-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-mysql-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-server-mysql-4.0.12-4.18.1.x86_64", "product_id": "zabbix-server-mysql-4.0.12-4.18.1.x86_64" } }, { "category": "product_version", "name": "zabbix-server-postgresql-4.0.12-4.18.1.x86_64", "product": { "name": "zabbix-server-postgresql-4.0.12-4.18.1.x86_64", "product_id": "zabbix-server-postgresql-4.0.12-4.18.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP5", "product": { "name": "SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], 
"category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP 
Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "zabbix-agent-4.0.12-4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64" }, "product_reference": "zabbix-agent-4.0.12-4.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-35230", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-35230" } ], "notes": [ { "category": "general", "text": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. 
The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-35230", "url": "https://www.suse.com/security/cve/CVE-2022-35230" }, { "category": "external", "summary": "SUSE Bug 1201290 for CVE-2022-35230", "url": "https://bugzilla.suse.com/1201290" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:zabbix-agent-4.0.12-4.18.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-09-06T07:47:57Z", "details": "moderate" } ], "title": "CVE-2022-35230" } ] }
wid-sec-w-2022-0591
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "niedrig" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0591 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0591.json" }, { "category": "self", "summary": "WID-SEC-2022-0591 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0591" }, { "category": "external", "summary": "Zabbix Security Advisory vom 2022-07-06", "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "category": "external", "summary": "Zabbix Security Advisory vom 2022-07-06", "url": "https://support.zabbix.com/browse/ZBX-21306" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:3101-1 vom 2022-09-06", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2022-September/012111.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00014.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3538 vom 2023-08-22", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6751-1 vom 2024-04-25", "url": "https://ubuntu.com/security/notices/USN-6751-1" }, { "category": "external", "summary": "Debian Security Advisory DLA-3909 vom 2024-10-03", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html" } ], "source_lang": "en-US", "title": "Zabbix: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting", "tracking": { "current_release_date": "2024-10-03T22:00:00.000+00:00", "generator": { "date": "2024-10-04T08:13:32.287+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2022-0591", "initial_release_date": "2022-07-06T22:00:00.000+00:00", "revision_history": [ { "date": "2022-07-06T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-09-06T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-08-22T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-04-25T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-10-03T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "6" } }, "product_tree": 
{ "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Frontend \u003c5.0.25rc1", "product": { "name": "Zabbix Zabbix Frontend \u003c5.0.25rc1", "product_id": "T023739" } }, { "category": "product_version", "name": "Frontend 5.0.25rc1", "product": { "name": "Zabbix Zabbix Frontend 5.0.25rc1", "product_id": "T023739-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:frontend__5.0.25rc1" } } }, { "category": "product_version_range", "name": "Frontend \u003c6.0.5rc1", "product": { "name": "Zabbix Zabbix Frontend \u003c6.0.5rc1", "product_id": "T023740" } }, { "category": "product_version", "name": "Frontend 6.0.5rc1", "product": { "name": "Zabbix Zabbix Frontend 6.0.5rc1", "product_id": "T023740-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:frontend__6.0.5rc1" } } }, { "category": "product_version_range", "name": "Frontend \u003c6.2.0rc1", "product": { "name": "Zabbix Zabbix Frontend \u003c6.2.0rc1", "product_id": "T023741" } }, { "category": "product_version", "name": "Frontend 6.2.0rc1", "product": { "name": "Zabbix Zabbix Frontend 6.2.0rc1", "product_id": "T023741-fixed", "product_identification_helper": { "cpe": 
"cpe:/a:zabbix:zabbix:frontend__6.2.0rc1" } } } ], "category": "product_name", "name": "Zabbix" } ], "category": "vendor", "name": "Zabbix" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-35229", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der Graph-Seite und der Entdecken-Seite nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T023740", "T023741", "T023739" ] }, "release_date": "2022-07-06T22:00:00.000+00:00", "title": "CVE-2022-35229" }, { "cve": "CVE-2022-35230", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der Graph-Seite und der Entdecken-Seite nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T023740", "T023741", "T023739" ] }, "release_date": "2022-07-06T22:00:00.000+00:00", "title": "CVE-2022-35230" } ] }
WID-SEC-W-2022-0591
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "niedrig" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0591 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0591.json" }, { "category": "self", "summary": "WID-SEC-2022-0591 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0591" }, { "category": "external", "summary": "Zabbix Security Advisory vom 2022-07-06", "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "category": "external", "summary": "Zabbix Security Advisory vom 2022-07-06", "url": "https://support.zabbix.com/browse/ZBX-21306" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:3101-1 vom 2022-09-06", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2022-September/012111.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00014.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3390 vom 2023-04-12", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3538 vom 2023-08-22", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6751-1 vom 2024-04-25", "url": "https://ubuntu.com/security/notices/USN-6751-1" }, { "category": "external", "summary": "Debian Security Advisory DLA-3909 vom 2024-10-03", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html" } ], "source_lang": "en-US", "title": "Zabbix: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting", "tracking": { "current_release_date": "2024-10-03T22:00:00.000+00:00", "generator": { "date": "2024-10-04T08:13:32.287+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2022-0591", "initial_release_date": "2022-07-06T22:00:00.000+00:00", "revision_history": [ { "date": "2022-07-06T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-09-06T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-08-22T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-04-25T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-10-03T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "6" } }, "product_tree": 
{ "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Frontend \u003c5.0.25rc1", "product": { "name": "Zabbix Zabbix Frontend \u003c5.0.25rc1", "product_id": "T023739" } }, { "category": "product_version", "name": "Frontend 5.0.25rc1", "product": { "name": "Zabbix Zabbix Frontend 5.0.25rc1", "product_id": "T023739-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:frontend__5.0.25rc1" } } }, { "category": "product_version_range", "name": "Frontend \u003c6.0.5rc1", "product": { "name": "Zabbix Zabbix Frontend \u003c6.0.5rc1", "product_id": "T023740" } }, { "category": "product_version", "name": "Frontend 6.0.5rc1", "product": { "name": "Zabbix Zabbix Frontend 6.0.5rc1", "product_id": "T023740-fixed", "product_identification_helper": { "cpe": "cpe:/a:zabbix:zabbix:frontend__6.0.5rc1" } } }, { "category": "product_version_range", "name": "Frontend \u003c6.2.0rc1", "product": { "name": "Zabbix Zabbix Frontend \u003c6.2.0rc1", "product_id": "T023741" } }, { "category": "product_version", "name": "Frontend 6.2.0rc1", "product": { "name": "Zabbix Zabbix Frontend 6.2.0rc1", "product_id": "T023741-fixed", "product_identification_helper": { "cpe": 
"cpe:/a:zabbix:zabbix:frontend__6.2.0rc1" } } } ], "category": "product_name", "name": "Zabbix" } ], "category": "vendor", "name": "Zabbix" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-35229", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der Graph-Seite und der Entdecken-Seite nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T023740", "T023741", "T023739" ] }, "release_date": "2022-07-06T22:00:00.000+00:00", "title": "CVE-2022-35229" }, { "cve": "CVE-2022-35230", "notes": [ { "category": "description", "text": "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der Graph-Seite und der Entdecken-Seite nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T023740", "T023741", "T023739" ] }, "release_date": "2022-07-06T22:00:00.000+00:00", "title": "CVE-2022-35230" } ] }
ghsa-6f4g-hm4f-cqp3
Vulnerability from github
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
{ "affected": [], "aliases": [ "CVE-2022-35230" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-07-06T11:15:00Z", "severity": "MODERATE" }, "details": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "id": "GHSA-6f4g-hm4f-cqp3", "modified": "2022-07-15T00:00:15Z", "published": "2022-07-07T00:00:28Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35230" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "type": "WEB", "url": "https://support.zabbix.com/browse/ZBX-21305" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }
fkie_cve-2022-35230
Vulnerability from fkie_nvd
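5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD primary assessment; the record below also carries the Zabbix CNA assessment of 3.7 Low, CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N, which differs in attack complexity and scope)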
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F14B0723-57AD-4B46-9C1A-E9C06C2E1716", "versionEndExcluding": "5.0.25", "vulnerable": true }, { "criteria": "cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*", "matchCriteriaId": "93246229-E4FF-49BB-9BCD-01CCCD43FCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*", "matchCriteriaId": "A7B52616-759E-41B3-8983-F721AF87DCA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict." }, { "lang": "es", "value": "Un usuario autenticado puede crear un enlace con c\u00f3digo Javascript reflejado en su interior para la p\u00e1gina de gr\u00e1ficos y enviarlo a otros usuarios. 
La carga \u00fatil s\u00f3lo puede ejecutarse con un valor conocido del token CSRF de la v\u00edctima, que es cambiado peri\u00f3dicamente y es dif\u00edcil de predecir" } ], "id": "CVE-2022-35230", "lastModified": "2024-11-21T07:10:56.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security@zabbix.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-06T11:15:09.020", "references": [ { "source": "security@zabbix.com", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "source": "security@zabbix.com", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "https://support.zabbix.com/browse/ZBX-21305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.zabbix.com/browse/ZBX-21305" } ], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@zabbix.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cnvd-2022-58412
Vulnerability from cnvd
Title: Zabbix Frontend跨站脚本漏洞(CNVD-2022-58412)
Description:
Zabbix Frontend是美国Zabbix公司的一个监控软件前端工具。
Zabbix Frontend存在跨站脚本漏洞,该漏洞源于图形页面缺少对用户提供的数据和输出的数据校验过滤。经过身份验证的攻击者可利用该漏洞在图形页面创建一个包含反射Javascript代码的链接,并将其发送给其他用户。
Severity: 低
Patch Name: Zabbix Frontend跨站脚本漏洞(CNVD-2022-58412)的补丁
Patch Description:
Zabbix Frontend是美国Zabbix公司的一个监控软件前端工具。
Zabbix Frontend存在跨站脚本漏洞,该漏洞源于图形页面缺少对用户提供的数据和输出的数据校验过滤。经过身份验证的攻击者可利用该漏洞在图形页面创建一个包含反射Javascript代码的链接,并将其发送给其他用户。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://support.zabbix.com/browse/ZBX-21305
Reference: https://vigilance.fr/vulnerability/Zabbix-Cross-Site-Scripting-via-Graphs-Page-38912
| Name | Zabbix Zabbix Frontend <5.0.25 |
|---|---|
{ "cves": { "cve": { "cveNumber": "CVE-2022-35230", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-35230" } }, "description": "Zabbix Frontend\u662f\u7f8e\u56fdZabbix\u516c\u53f8\u7684\u4e00\u4e2a\u76d1\u63a7\u8f6f\u4ef6\u524d\u7aef\u5de5\u5177\u3002\n\nZabbix Frontend\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u56fe\u5f62\u9875\u9762\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u5728\u56fe\u5f62\u9875\u9762\u521b\u5efa\u4e00\u4e2a\u5305\u542b\u53cd\u5c04Javascript\u4ee3\u7801\u7684\u94fe\u63a5\uff0c\u5e76\u5c06\u5176\u53d1\u9001\u7ed9\u5176\u4ed6\u7528\u6237\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.zabbix.com/browse/ZBX-21305", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2022-58412", "openTime": "2022-08-11", "patchDescription": "Zabbix Frontend\u662f\u7f8e\u56fdZabbix\u516c\u53f8\u7684\u4e00\u4e2a\u76d1\u63a7\u8f6f\u4ef6\u524d\u7aef\u5de5\u5177\u3002\r\n\r\nZabbix Frontend\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u56fe\u5f62\u9875\u9762\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u5728\u56fe\u5f62\u9875\u9762\u521b\u5efa\u4e00\u4e2a\u5305\u542b\u53cd\u5c04Javascript\u4ee3\u7801\u7684\u94fe\u63a5\uff0c\u5e76\u5c06\u5176\u53d1\u9001\u7ed9\u5176\u4ed6\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Zabbix 
Frontend\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-58412\uff09\u7684\u8865\u4e01", "products": { "product": "Zabbix Zabbix Frontend \u003c5.0.25" }, "referenceLink": "https://vigilance.fr/vulnerability/Zabbix-Cross-Site-Scripting-via-Graphs-Page-38912", "serverity": "\u4f4e", "submitTime": "2022-07-08", "title": "Zabbix Frontend\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-58412\uff09" }