Количество 9
Количество 9
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User ...
GHSA-gx59-7g62-6xhg
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
BDU:2024-10543
Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии
ROS-20241212-24
Уязвимость zabbix7-lts-server-pgsql
ROS-20241212-22
Уязвимость zabbix7-lts-server-mysql
ROS-20241212-04
Уязвимость zabbix-lts-server-pgsql
ROS-20241212-02
Уязвимость zabbix-lts-server-mysql
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 87% Высокий | 7 месяцев назад |
 | CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 87% Высокий | 7 месяцев назад |
| CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User ... | CVSS3: 9.9 | 87% Высокий | 7 месяцев назад |
| GHSA-gx59-7g62-6xhg A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 87% Высокий | 7 месяцев назад |
 | BDU:2024-10543 Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии | CVSS3: 9.9 | 87% Высокий | 7 месяцев назад |
 | ROS-20241212-24 Уязвимость zabbix7-lts-server-pgsql | CVSS3: 9.9 | 87% Высокий | 6 месяцев назад |
| ROS-20241212-22 Уязвимость zabbix7-lts-server-mysql | CVSS3: 9.9 | 87% Высокий | 6 месяцев назад |
| ROS-20241212-04 Уязвимость zabbix-lts-server-pgsql | CVSS3: 9.9 | 87% Высокий | 6 месяцев назад |
| ROS-20241212-02 Уязвимость zabbix-lts-server-mysql | CVSS3: 9.9 | 87% Высокий | 6 месяцев назад |
Уязвимостей на страницу