Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-32722 (GCVE-0-2023-32722)
Vulnerability from cvelistv5 – Published: 2023-10-12 06:06 – Updated: 2025-11-03 21:48
VLAI
EPSS
Title
Stack-buffer Overflow in library module zbxjson
Summary
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zabbix | Zabbix |
Affected:
6.0.0 , ≤ 6.0.20
(git)
Affected: 6.4.0 , ≤ 6.4.5 (git) Affected: 7.0.0alpha1 , ≤ 7.0.0alpha3 (git) |
|
| zabbix | zabbix |
Affected:
6.0.0 , ≤ 6.0.20
(custom)
Affected: 6.4.0 , ≤ 6.4.5 (custom) cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* |
|
| zabbix | zabbix |
Affected:
7.0.0
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:* |
Date Public
2023-09-11 09:55
Credits
This vulnerability is found by Koffi (kandersonko) from HackerOne community.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:48:37.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-23390"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zabbix",
"vendor": "zabbix",
"versions": [
{
"lessThanOrEqual": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zabbix",
"vendor": "zabbix",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:26:49.479889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:37:01.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Agent",
"Proxy",
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.21rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.6rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.0alpha4",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.0alpha3",
"status": "affected",
"version": "7.0.0alpha1",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability is found by Koffi (kandersonko) from HackerOne community."
}
],
"datePublic": "2023-09-11T09:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open."
}
],
"value": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T06:06:52.182Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-buffer Overflow in library module zbxjson",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2023-32722",
"datePublished": "2023-10-12T06:06:52.182Z",
"dateReserved": "2023-05-11T21:25:43.367Z",
"dateUpdated": "2025-11-03T21:48:37.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-32722",
"date": "2026-06-04",
"epss": "0.00357",
"percentile": "0.58271"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.20\", \"matchCriteriaId\": \"531CCCBF-46AD-4988-8A9D-ED4FD5208C71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.4.0\", \"versionEndIncluding\": \"6.4.5\", \"matchCriteriaId\": \"868F271E-2595-4D01-BF53-46460F98891A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"93EB5757-7F98-4428-9616-C30A647A6612\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA00BDB5-433F-44E5-87AC-DA01C64B5DB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C46C92-9D86-45CD-88FE-DFBB5502BB88\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del b\\u00fafer al analizar archivos JSON a trav\\u00e9s de zbx_json_open.\"}]",
"id": "CVE-2023-32722",
"lastModified": "2024-11-21T08:03:54.820",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@zabbix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2023-10-12T07:15:10.217",
"references": "[{\"url\": \"https://support.zabbix.com/browse/ZBX-23390\", \"source\": \"security@zabbix.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.zabbix.com/browse/ZBX-23390\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@zabbix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-32722\",\"sourceIdentifier\":\"security@zabbix.com\",\"published\":\"2023-10-12T07:15:10.217\",\"lastModified\":\"2025-11-03T22:16:21.930\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del b\u00fafer al analizar archivos JSON a trav\u00e9s de zbx_json_open.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.20\",\"matchCriteriaId\":\"531CCCBF-46AD-4988-8A9D-ED4FD5208C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.5\",\"matchCriteriaId\":\"868F271E-2595-4D01-BF53-46460F98891A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93EB5757-7F98-4428-9616-C30A647A6612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA00BDB5-433F-44E5-87AC-DA01C64B5DB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C46C92-9D86-45CD-88FE-DFBB5502BB88\"}]}]}],\"references\":[{\"url\":\"https://support.zabbix.com/browse/ZBX-23390\",\"source\":\"security@zabbix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-23390\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.zabbix.com/browse/ZBX-23390\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:48:37.420Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32722\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T15:26:49.479889Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\"], \"vendor\": \"zabbix\", \"product\": \"zabbix\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.0.20\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4.5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*\", \"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*\", \"cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*\"], \"vendor\": \"zabbix\", \"product\": \"zabbix\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T15:36:51.133Z\"}}], \"cna\": {\"title\": \"Stack-buffer Overflow in library module zbxjson\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"This vulnerability is found by Koffi (kandersonko) from HackerOne community.\"}], \"impacts\": [{\"capecId\": \"CAPEC-253\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-253 Remote Code Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://git.zabbix.com/\", \"vendor\": \"Zabbix\", \"modules\": [\"Agent\", \"Proxy\", \"Server\"], \"product\": \"Zabbix\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"6.0.21rc1\", \"status\": \"unaffected\"}], \"version\": \"6.0.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"6.0.20\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"6.4.6rc1\", \"status\": \"unaffected\"}], \"version\": \"6.4.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"6.4.5\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"7.0.0alpha4\", \"status\": \"unaffected\"}], \"version\": \"7.0.0alpha1\", \"versionType\": \"git\", \"lessThanOrEqual\": \"7.0.0alpha3\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-11T09:55:00.000Z\", \"references\": [{\"url\": \"https://support.zabbix.com/browse/ZBX-23390\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"72de3e22-0555-4a0d-ae81-9249e0f0a1e8\", \"shortName\": \"Zabbix\", \"dateUpdated\": \"2023-10-12T06:06:52.182Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-32722\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:48:37.420Z\", \"dateReserved\": \"2023-05-11T21:25:43.367Z\", \"assignerOrgId\": \"72de3e22-0555-4a0d-ae81-9249e0f0a1e8\", \"datePublished\": \"2023-10-12T06:06:52.182Z\", \"assignerShortName\": \"Zabbix\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
Уязвимость модуля zabbix/src/libs/zbxjson универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость модуля zabbix/src/libs/zbxjson универсальной системы мониторинга Zabbix связана с выходом операции за границы буфера. Эксплуатация уязвимости может позвлить нарушителю, действующему удаленно, выполнить произвольный код
Severity
Vendor
ООО «Ред Софт», ООО «РусБИТех-Астра», Zabbix LLC., АО «ИВК», АО "НППКТ"
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Zabbix, АЛЬТ СП 10, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), от 6.0.0 до 6.0.20 включительно (Zabbix), от 6.4.0 до 6.4.5 включительно (Zabbix), - (АЛЬТ СП 10), 7.0.0 alpha1 (Zabbix), 7.0.0 alpha2 (Zabbix), 7.0.0 alpha3 (Zabbix), до 2.11 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
https://support.zabbix.com/browse/ZBX-23390
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОСОН ОСнова Оnyx (2.11):
Обновление программного обеспечения zabbix до версии 1:6.0.29+dfsg-1osnova1
Для ОС Astra Linux:
обновить пакет zabbix до 1:6.0.29+dfsg-1+ci202405271621+astra7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
обновить пакет zabbix до 1:6.0.29+dfsg-1+ci202405271621+astra7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
Reference
https://support.zabbix.com/browse/ZBX-23390
https://altsp.su/obnovleniya-bezopasnosti/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
CWE
CWE-120, CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Zabbix LLC., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u043e\u0442 6.0.0 \u0434\u043e 6.0.20 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zabbix), \u043e\u0442 6.4.0 \u0434\u043e 6.4.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zabbix), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 7.0.0 alpha1 (Zabbix), 7.0.0 alpha2 (Zabbix), 7.0.0 alpha3 (Zabbix), \u0434\u043e 2.11 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.zabbix.com/browse/ZBX-23390\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (2.11):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f zabbix \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:6.0.29+dfsg-1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:6.0.29+dfsg-1+ci202405271621+astra7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 zabbix \u0434\u043e 1:6.0.29+dfsg-1+ci202405271621+astra7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.11.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08246",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-32722",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Zabbix, \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f zabbix/src/libs/zbxjson \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Zabbix, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f zabbix/src/libs/zbxjson \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Zabbix \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.zabbix.com/browse/ZBX-23390\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,6)"
}
FKIE_CVE-2023-32722
Vulnerability from fkie_nvd - Published: 2023-10-12 07:15 - Updated: 2025-11-03 22:16
Severity
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "531CCCBF-46AD-4988-8A9D-ED4FD5208C71",
"versionEndIncluding": "6.0.20",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "868F271E-2595-4D01-BF53-46460F98891A",
"versionEndIncluding": "6.4.5",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "93EB5757-7F98-4428-9616-C30A647A6612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "DA00BDB5-433F-44E5-87AC-DA01C64B5DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "98C46C92-9D86-45CD-88FE-DFBB5502BB88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open."
},
{
"lang": "es",
"value": "El m\u00f3dulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del b\u00fafer al analizar archivos JSON a trav\u00e9s de zbx_json_open."
}
],
"id": "CVE-2023-32722",
"lastModified": "2025-11-03T22:16:21.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@zabbix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-12T07:15:10.217",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-23390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-23390"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zabbix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-G47W-CVCQ-QH23
Vulnerability from github – Published: 2023-10-12 09:30 – Updated: 2025-11-04 00:30
VLAI
Details
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Severity
9.6 (Critical)
{
"affected": [],
"aliases": [
"CVE-2023-32722"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-12T07:15:10Z",
"severity": "HIGH"
},
"details": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.",
"id": "GHSA-g47w-cvcq-qh23",
"modified": "2025-11-04T00:30:39Z",
"published": "2023-10-12T09:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32722"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-23390"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-32722
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-32722",
"id": "GSD-2023-32722"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-32722"
],
"details": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.",
"id": "GSD-2023-32722",
"modified": "2023-12-13T01:20:24.068627Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@zabbix.com",
"ID": "CVE-2023-32722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zabbix",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"changes": [
{
"at": "6.0.21rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.6rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.0alpha4",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.0alpha3",
"status": "affected",
"version": "7.0.0alpha1",
"versionType": "git"
}
]
}
}
]
}
}
]
},
"vendor_name": "Zabbix"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "This vulnerability is found by Koffi (kandersonko) from HackerOne community."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-120",
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zabbix.com/browse/ZBX-23390",
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-23390"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.5",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.20",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@zabbix.com",
"ID": "CVE-2023-32722"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zabbix.com/browse/ZBX-23390",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-23390"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-10-17T15:07Z",
"publishedDate": "2023-10-12T07:15Z"
}
}
}
OPENSUSE-SU-2024:13341-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
zabbix-agent-6.0.22-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: zabbix-agent-6.0.22-1.1 on GA media
Description of the patch: These are all security issues fixed in the zabbix-agent-6.0.22-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13341
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.6 (Critical)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "zabbix-agent-6.0.22-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the zabbix-agent-6.0.22-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13341",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13341-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-32722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-32722/"
}
],
"title": "zabbix-agent-6.0.22-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13341-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-agent-6.0.22-1.1.aarch64",
"product_id": "zabbix-agent-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-java-gateway-6.0.22-1.1.aarch64",
"product_id": "zabbix-java-gateway-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-proxy-6.0.22-1.1.aarch64",
"product_id": "zabbix-proxy-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.aarch64",
"product_id": "zabbix-proxy-mysql-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.aarch64",
"product_id": "zabbix-proxy-postgresql-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.aarch64",
"product_id": "zabbix-proxy-sqlite-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-server-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-server-6.0.22-1.1.aarch64",
"product_id": "zabbix-server-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-server-mysql-6.0.22-1.1.aarch64",
"product_id": "zabbix-server-mysql-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-server-postgresql-6.0.22-1.1.aarch64",
"product_id": "zabbix-server-postgresql-6.0.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zabbix-ui-6.0.22-1.1.aarch64",
"product": {
"name": "zabbix-ui-6.0.22-1.1.aarch64",
"product_id": "zabbix-ui-6.0.22-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-agent-6.0.22-1.1.ppc64le",
"product_id": "zabbix-agent-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-java-gateway-6.0.22-1.1.ppc64le",
"product_id": "zabbix-java-gateway-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-proxy-6.0.22-1.1.ppc64le",
"product_id": "zabbix-proxy-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.ppc64le",
"product_id": "zabbix-proxy-mysql-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.ppc64le",
"product_id": "zabbix-proxy-postgresql-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.ppc64le",
"product_id": "zabbix-proxy-sqlite-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-server-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-server-6.0.22-1.1.ppc64le",
"product_id": "zabbix-server-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-server-mysql-6.0.22-1.1.ppc64le",
"product_id": "zabbix-server-mysql-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-server-postgresql-6.0.22-1.1.ppc64le",
"product_id": "zabbix-server-postgresql-6.0.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zabbix-ui-6.0.22-1.1.ppc64le",
"product": {
"name": "zabbix-ui-6.0.22-1.1.ppc64le",
"product_id": "zabbix-ui-6.0.22-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-agent-6.0.22-1.1.s390x",
"product_id": "zabbix-agent-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-java-gateway-6.0.22-1.1.s390x",
"product_id": "zabbix-java-gateway-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-proxy-6.0.22-1.1.s390x",
"product_id": "zabbix-proxy-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.s390x",
"product_id": "zabbix-proxy-mysql-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.s390x",
"product_id": "zabbix-proxy-postgresql-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.s390x",
"product_id": "zabbix-proxy-sqlite-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-server-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-server-6.0.22-1.1.s390x",
"product_id": "zabbix-server-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-server-mysql-6.0.22-1.1.s390x",
"product_id": "zabbix-server-mysql-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-server-postgresql-6.0.22-1.1.s390x",
"product_id": "zabbix-server-postgresql-6.0.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zabbix-ui-6.0.22-1.1.s390x",
"product": {
"name": "zabbix-ui-6.0.22-1.1.s390x",
"product_id": "zabbix-ui-6.0.22-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "zabbix-agent-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-agent-6.0.22-1.1.x86_64",
"product_id": "zabbix-agent-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-java-gateway-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-java-gateway-6.0.22-1.1.x86_64",
"product_id": "zabbix-java-gateway-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-proxy-6.0.22-1.1.x86_64",
"product_id": "zabbix-proxy-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-mysql-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.x86_64",
"product_id": "zabbix-proxy-mysql-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-postgresql-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.x86_64",
"product_id": "zabbix-proxy-postgresql-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-proxy-sqlite-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.x86_64",
"product_id": "zabbix-proxy-sqlite-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-server-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-server-6.0.22-1.1.x86_64",
"product_id": "zabbix-server-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-server-mysql-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-server-mysql-6.0.22-1.1.x86_64",
"product_id": "zabbix-server-mysql-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-server-postgresql-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-server-postgresql-6.0.22-1.1.x86_64",
"product_id": "zabbix-server-postgresql-6.0.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zabbix-ui-6.0.22-1.1.x86_64",
"product": {
"name": "zabbix-ui-6.0.22-1.1.x86_64",
"product_id": "zabbix-ui-6.0.22-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-agent-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-agent-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-agent-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-agent-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-agent-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-agent-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-agent-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-agent-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-java-gateway-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-java-gateway-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-java-gateway-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-java-gateway-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-java-gateway-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-java-gateway-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-java-gateway-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-java-gateway-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-proxy-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-proxy-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-proxy-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-proxy-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-proxy-mysql-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-proxy-mysql-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-proxy-mysql-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-mysql-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-proxy-mysql-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-proxy-postgresql-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-proxy-postgresql-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-proxy-postgresql-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-postgresql-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-proxy-postgresql-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-proxy-sqlite-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-proxy-sqlite-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-proxy-sqlite-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-proxy-sqlite-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-proxy-sqlite-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-server-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-server-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-server-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-server-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-mysql-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-server-mysql-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-mysql-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-server-mysql-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-mysql-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-server-mysql-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-mysql-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-server-mysql-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-postgresql-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-server-postgresql-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-postgresql-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-server-postgresql-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-postgresql-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-server-postgresql-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-server-postgresql-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-server-postgresql-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-ui-6.0.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.aarch64"
},
"product_reference": "zabbix-ui-6.0.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-ui-6.0.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.ppc64le"
},
"product_reference": "zabbix-ui-6.0.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-ui-6.0.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.s390x"
},
"product_reference": "zabbix-ui-6.0.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zabbix-ui-6.0.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.x86_64"
},
"product_reference": "zabbix-ui-6.0.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-32722"
}
],
"notes": [
{
"category": "general",
"text": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-32722",
"url": "https://www.suse.com/security/cve/CVE-2023-32722"
},
{
"category": "external",
"summary": "SUSE Bug 1216211 for CVE-2023-32722",
"url": "https://bugzilla.suse.com/1216211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-agent-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-java-gateway-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-mysql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-postgresql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-proxy-sqlite-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-mysql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-server-postgresql-6.0.22-1.1.x86_64",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.aarch64",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.ppc64le",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.s390x",
"openSUSE Tumbleweed:zabbix-ui-6.0.22-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-32722"
}
]
}
WID-SEC-W-2023-2638
Vulnerability from csaf_certbund - Published: 2023-10-11 22:00 - Updated: 2024-10-03 22:00Summary
Zabbix: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Es besteht eine Schwachstelle in Zabbix. Dieser Fehler existiert im Agent 2-Paket, da es mit der von CVE-2023-24538 betroffenen Go-Version gebaut wurde. Go-Schablonen behandeln Backticks (`) in JavaScript-Schablonenliteralen nicht wie erwartet, was die Einschleusung von beliebigem JavaScript-Code in die Go-Schablonen ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <4.4.8rc1
Zabbix / Zabbix
|
<4.4.8rc1 | ||
|
Zabbix Zabbix <5.0.0alpha4
Zabbix / Zabbix
|
<5.0.0alpha4 | ||
|
Zabbix Zabbix <4.0.20rc1
Zabbix / Zabbix
|
<4.0.20rc1 | ||
|
Zabbix Zabbix <6.0.18
Zabbix / Zabbix
|
<6.0.18 | ||
|
Zabbix Zabbix <5.0.35
Zabbix / Zabbix
|
<5.0.35 | ||
|
Zabbix Zabbix <4.0.48rc1
Zabbix / Zabbix
|
<4.0.48rc1 | ||
|
Zabbix Zabbix <6.4.3
Zabbix / Zabbix
|
<6.4.3 |
In Zabbix existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in Maps element nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Zabbix Zabbix <6.0.21rc1
Zabbix / Zabbix
|
<6.0.21rc1 | ||
|
Zabbix Zabbix <5.0.37rc1
Zabbix / Zabbix
|
<5.0.37rc1 | ||
|
Zabbix Zabbix <7.0.0alpha4
Zabbix / Zabbix
|
<7.0.0alpha4 | ||
|
Zabbix Zabbix <6.4.6rc1
Zabbix / Zabbix
|
<6.4.6rc1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <4.4.8rc1
Zabbix / Zabbix
|
<4.4.8rc1 | ||
|
Zabbix Zabbix <5.0.0alpha4
Zabbix / Zabbix
|
<5.0.0alpha4 | ||
|
Zabbix Zabbix <4.0.20rc1
Zabbix / Zabbix
|
<4.0.20rc1 | ||
|
Zabbix Zabbix <6.0.18
Zabbix / Zabbix
|
<6.0.18 | ||
|
Zabbix Zabbix <5.0.35
Zabbix / Zabbix
|
<5.0.35 | ||
|
Zabbix Zabbix <4.0.48rc1
Zabbix / Zabbix
|
<4.0.48rc1 | ||
|
Zabbix Zabbix <6.4.3
Zabbix / Zabbix
|
<6.4.3 |
Es besteht eine Schwachstelle in Zabbix. Dieser Fehler existiert im "zabbix/src/libs/zbxjson" Modul aufgrund eines stapelbasierten Pufferüberlaufs beim Parsen von json-Dateien über "zbx_json_open". Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Zabbix Zabbix <6.0.21rc1
Zabbix / Zabbix
|
<6.0.21rc1 | ||
|
Zabbix Zabbix <5.0.37rc1
Zabbix / Zabbix
|
<5.0.37rc1 | ||
|
Zabbix Zabbix <7.0.0alpha4
Zabbix / Zabbix
|
<7.0.0alpha4 | ||
|
Zabbix Zabbix <6.4.6rc1
Zabbix / Zabbix
|
<6.4.6rc1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <4.4.8rc1
Zabbix / Zabbix
|
<4.4.8rc1 | ||
|
Zabbix Zabbix <5.0.0alpha4
Zabbix / Zabbix
|
<5.0.0alpha4 | ||
|
Zabbix Zabbix <4.0.20rc1
Zabbix / Zabbix
|
<4.0.20rc1 | ||
|
Zabbix Zabbix <6.0.18
Zabbix / Zabbix
|
<6.0.18 | ||
|
Zabbix Zabbix <5.0.35
Zabbix / Zabbix
|
<5.0.35 | ||
|
Zabbix Zabbix <4.0.48rc1
Zabbix / Zabbix
|
<4.0.48rc1 | ||
|
Zabbix Zabbix <6.4.3
Zabbix / Zabbix
|
<6.4.3 |
Es besteht eine Schwachstelle in Zabbix. Dieser Fehler besteht in der Klasse "CControllerAuthenticationUpdate" aufgrund einer ineffizienten Überprüfung der Benutzerrechte, bei der die Anfrage an den LDAP gesendet wird, bevor die Benutzerrechte überprüft werden. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <4.4.8rc1
Zabbix / Zabbix
|
<4.4.8rc1 | ||
|
Zabbix Zabbix <5.0.0alpha4
Zabbix / Zabbix
|
<5.0.0alpha4 | ||
|
Zabbix Zabbix <4.0.20rc1
Zabbix / Zabbix
|
<4.0.20rc1 |
Es besteht eine Schwachstelle in Zabbix bezüglich der JS-Engine. Zabbix-Benutzer können direkt auf Speicherzeiger zugreifen und diese modifizieren. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Zabbix Zabbix <6.0.21rc1
Zabbix / Zabbix
|
<6.0.21rc1 | ||
|
Zabbix Zabbix <5.0.37rc1
Zabbix / Zabbix
|
<5.0.37rc1 | ||
|
Zabbix Zabbix <7.0.0alpha4
Zabbix / Zabbix
|
<7.0.0alpha4 | ||
|
Zabbix Zabbix <6.4.6rc1
Zabbix / Zabbix
|
<6.4.6rc1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Zabbix Zabbix <4.4.8rc1
Zabbix / Zabbix
|
<4.4.8rc1 | ||
|
Zabbix Zabbix <5.0.0alpha4
Zabbix / Zabbix
|
<5.0.0alpha4 | ||
|
Zabbix Zabbix <4.0.20rc1
Zabbix / Zabbix
|
<4.0.20rc1 | ||
|
Zabbix Zabbix <6.0.18
Zabbix / Zabbix
|
<6.0.18 | ||
|
Zabbix Zabbix <5.0.35
Zabbix / Zabbix
|
<5.0.35 | ||
|
Zabbix Zabbix <4.0.48rc1
Zabbix / Zabbix
|
<4.0.48rc1 | ||
|
Zabbix Zabbix <6.4.3
Zabbix / Zabbix
|
<6.4.3 |
References
9 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2638 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2638.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2638 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2638"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3717 vom 2024-01-24",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html"
},
{
"category": "external",
"summary": "ZABBIX BUGS AND ISSUES ZBX-23230 vom 2023-10-11",
"url": "https://support.zabbix.com/browse/ZBX-23230"
},
{
"category": "external",
"summary": "ZABBIX BUGS AND ISSUES ZBX-23388 vom 2023-10-11",
"url": "https://support.zabbix.com/browse/ZBX-23388"
},
{
"category": "external",
"summary": "ZABBIX BUGS AND ISSUES ZBX-23389 vom 2023-10-11",
"url": "https://support.zabbix.com/browse/ZBX-23389"
},
{
"category": "external",
"summary": "ZABBIX BUGS AND ISSUES ZBX-23390 vom 2023-10-11",
"url": "https://support.zabbix.com/browse/ZBX-23390"
},
{
"category": "external",
"summary": "ZABBIX BUGS AND ISSUES ZBX-23391 vom 2023-10-11",
"url": "https://support.zabbix.com/browse/ZBX-23391"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3909 vom 2024-10-03",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
}
],
"source_lang": "en-US",
"title": "Zabbix: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-03T22:00:00.000+00:00",
"generator": {
"date": "2024-10-04T08:13:28.359+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-2638",
"initial_release_date": "2023-10-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-24T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.0.0alpha4",
"product": {
"name": "Zabbix Zabbix \u003c5.0.0alpha4",
"product_id": "T030478"
}
},
{
"category": "product_version",
"name": "5.0.0alpha4",
"product": {
"name": "Zabbix Zabbix 5.0.0alpha4",
"product_id": "T030478-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:5.0.0alpha4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.4.8rc1",
"product": {
"name": "Zabbix Zabbix \u003c4.4.8rc1",
"product_id": "T030479"
}
},
{
"category": "product_version",
"name": "4.4.8rc1",
"product": {
"name": "Zabbix Zabbix 4.4.8rc1",
"product_id": "T030479-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:4.4.8rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.0.20rc1",
"product": {
"name": "Zabbix Zabbix \u003c4.0.20rc1",
"product_id": "T030480"
}
},
{
"category": "product_version",
"name": "4.0.20rc1",
"product": {
"name": "Zabbix Zabbix 4.0.20rc1",
"product_id": "T030480-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:4.0.20rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.35",
"product": {
"name": "Zabbix Zabbix \u003c5.0.35",
"product_id": "T030481"
}
},
{
"category": "product_version",
"name": "5.0.35",
"product": {
"name": "Zabbix Zabbix 5.0.35",
"product_id": "T030481-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:5.0.35"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.18",
"product": {
"name": "Zabbix Zabbix \u003c6.0.18",
"product_id": "T030482"
}
},
{
"category": "product_version",
"name": "6.0.18",
"product": {
"name": "Zabbix Zabbix 6.0.18",
"product_id": "T030482-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.0.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.3",
"product": {
"name": "Zabbix Zabbix \u003c6.4.3",
"product_id": "T030483"
}
},
{
"category": "product_version",
"name": "6.4.3",
"product": {
"name": "Zabbix Zabbix 6.4.3",
"product_id": "T030483-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.0.48rc1",
"product": {
"name": "Zabbix Zabbix \u003c4.0.48rc1",
"product_id": "T030484"
}
},
{
"category": "product_version",
"name": "4.0.48rc1",
"product": {
"name": "Zabbix Zabbix 4.0.48rc1",
"product_id": "T030484-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:4.0.48rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.37rc1",
"product": {
"name": "Zabbix Zabbix \u003c5.0.37rc1",
"product_id": "T030485"
}
},
{
"category": "product_version",
"name": "5.0.37rc1",
"product": {
"name": "Zabbix Zabbix 5.0.37rc1",
"product_id": "T030485-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:5.0.37rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.21rc1",
"product": {
"name": "Zabbix Zabbix \u003c6.0.21rc1",
"product_id": "T030486"
}
},
{
"category": "product_version",
"name": "6.0.21rc1",
"product": {
"name": "Zabbix Zabbix 6.0.21rc1",
"product_id": "T030486-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.0.21rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.6rc1",
"product": {
"name": "Zabbix Zabbix \u003c6.4.6rc1",
"product_id": "T030487"
}
},
{
"category": "product_version",
"name": "6.4.6rc1",
"product": {
"name": "Zabbix Zabbix 6.4.6rc1",
"product_id": "T030487-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:6.4.6rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.0alpha4",
"product": {
"name": "Zabbix Zabbix \u003c7.0.0alpha4",
"product_id": "T030488"
}
},
{
"category": "product_version",
"name": "7.0.0alpha4",
"product": {
"name": "Zabbix Zabbix 7.0.0alpha4",
"product_id": "T030488-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:zabbix:zabbix:7.0.0alpha4"
}
}
}
],
"category": "product_name",
"name": "Zabbix"
}
],
"category": "vendor",
"name": "Zabbix"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29453",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Zabbix. Dieser Fehler existiert im Agent 2-Paket, da es mit der von CVE-2023-24538 betroffenen Go-Version gebaut wurde. Go-Schablonen behandeln Backticks (`) in JavaScript-Schablonenliteralen nicht wie erwartet, was die Einschleusung von beliebigem JavaScript-Code in die Go-Schablonen erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T030479",
"T030478",
"T030480",
"T030482",
"T030481",
"T030484",
"T030483"
]
},
"release_date": "2023-10-11T22:00:00.000+00:00",
"title": "CVE-2023-29453"
},
{
"cve": "CVE-2023-32721",
"notes": [
{
"category": "description",
"text": "In Zabbix existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in Maps element nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T030486",
"T030485",
"T030488",
"T030487",
"2951",
"T030479",
"T030478",
"T030480",
"T030482",
"T030481",
"T030484",
"T030483"
]
},
"release_date": "2023-10-11T22:00:00.000+00:00",
"title": "CVE-2023-32721"
},
{
"cve": "CVE-2023-32722",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Zabbix. Dieser Fehler existiert im \"zabbix/src/libs/zbxjson\" Modul aufgrund eines stapelbasierten Puffer\u00fcberlaufs beim Parsen von json-Dateien \u00fcber \"zbx_json_open\". Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T030486",
"T030485",
"T030488",
"T030487",
"2951",
"T030479",
"T030478",
"T030480",
"T030482",
"T030481",
"T030484",
"T030483"
]
},
"release_date": "2023-10-11T22:00:00.000+00:00",
"title": "CVE-2023-32722"
},
{
"cve": "CVE-2023-32723",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Zabbix. Dieser Fehler besteht in der Klasse \"CControllerAuthenticationUpdate\" aufgrund einer ineffizienten \u00dcberpr\u00fcfung der Benutzerrechte, bei der die Anfrage an den LDAP gesendet wird, bevor die Benutzerrechte \u00fcberpr\u00fcft werden. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"2951",
"T030479",
"T030478",
"T030480"
]
},
"release_date": "2023-10-11T22:00:00.000+00:00",
"title": "CVE-2023-32723"
},
{
"cve": "CVE-2023-32724",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Zabbix bez\u00fcglich der JS-Engine. Zabbix-Benutzer k\u00f6nnen direkt auf Speicherzeiger zugreifen und diese modifizieren. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T030486",
"T030485",
"T030488",
"T030487",
"2951",
"T030479",
"T030478",
"T030480",
"T030482",
"T030481",
"T030484",
"T030483"
]
},
"release_date": "2023-10-11T22:00:00.000+00:00",
"title": "CVE-2023-32724"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…