10 matches found
Exploit for Improper Access Control in Zabbix
CVE-2022-23134 Writeup and POC This is a...
Zabbix Web Frontend Authentication Bypass (CVE-2022-23134)
An authentication bypass vulnerability exists in Zabbix Web Frontend. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal...
openSUSE: Security Advisory for zabbix (openSUSE-SU-2022:0036-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for zabbix (moderate)
openSUSE Security Update: Security update for zabbix Announcement ID: openSUSE-SU-2022:0036-1 Rating: moderate References: 1144018 1174253 1181400 1183014 1194681 Cross-References: CVE-2020-15803 CVE-2021-27927 CVE-2022-23134 CVSS scores: CVE-2020-15803 NVD : 6.1...
Debian DLA-2914-1 : zabbix - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2914 advisory. - After the initial setup process, some steps of setup.php file are reachable not only by super- administrators, but by unauthenticated users as well. Malicious actor can...
CVE-2022-23134
creationtimestamp| type| source ---|---|--- 2022-01-13 18:18:35+00:00| seen| https://t.me/cibsecurity/35418 2022-02-24 13:18:32+00:00| exploited| https://t.me/thehackernews/1917 2022-02-24 16:05:51+00:00| exploited| https://t.me/cKure/8851 2022-02-25 18:16:00+00:00| exploited|...
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...