Shodan
Vulnerabilities
Vulnerable Software
Zabbix:  Security Vulnerabilities
CVE-2022-23134
Known exploited
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
CVSS Score
3.7
EPSS Score
0.926
Published
2022-01-13
CVE-2022-22704
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-06
CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-03-03
CVE-2020-11800
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
CVSS Score
9.0
EPSS Score
0.478
Published
2020-10-07
CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
CVSS Score
6.1
EPSS Score
0.051
Published
2020-07-17
CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.091
Published
2020-02-17
CVE-2013-3628
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.894
Published
2020-02-07
CVE-2013-5743
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
CVSS Score
9.8
EPSS Score
0.778
Published
2019-12-11
CVE-2013-7484
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-30
CVE-2019-17382
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
CVSS Score
9.1
EPSS Score
0.937
Published
2019-10-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved