Description
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| bionic | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| cosmic | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| devel | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| disco | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| eoan | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| esm-apps/bionic | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| esm-apps/focal | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| esm-apps/jammy | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
| esm-apps/xenial | not-affected | 1:2.2.5+dfsg-1ubuntu1 |
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
Vulnerability in the Zabbix universal monitoring system, related to improper restriction of XML external entity references, that allows an attacker to execute arbitrary code or read arbitrary files