CVE-2022-35230 (GCVE-0-2022-35230)
Vulnerability from cvelistv5
Published
2022-07-06 11:05
Modified
2024-09-16 22:10
Summary
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:29:17.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.zabbix.com/browse/ZBX-21305", }, { name: "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Frontend", vendor: "Zabbix", versions: [ { status: "affected", version: "4.0.0-4.0.42", }, { status: "affected", version: "5.0.0-5.0.24", }, ], }, ], credits: [ { lang: "en", value: "internal research", }, ], datePublic: "2022-04-27T00:00:00", descriptions: [ { lang: "en", value: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross-site Scripting (XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-12T00:00:00", orgId: "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", shortName: "Zabbix", }, references: [ { url: "https://support.zabbix.com/browse/ZBX-21305", }, { name: "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, ], solutions: [ { 
lang: "en", value: "To remediate this vulnerability, apply the updates", }, ], source: { discovery: "INTERNAL", }, title: "Reflected XSS in graphs page of Zabbix Frontend", workarounds: [ { lang: "en", value: "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the graphs.php page of Zabbix Frontend and contain suspicious parameters with special symbols. If you have clicked on the suspicious link, do not fill out the opened form", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", assignerShortName: "Zabbix", cveId: "CVE-2022-35230", datePublished: "2022-07-06T11:05:14.025474Z", dateReserved: "2022-07-05T00:00:00", dateUpdated: "2024-09-16T22:10:24.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.25\", \"matchCriteriaId\": \"F14B0723-57AD-4B46-9C1A-E9C06C2E1716\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"93246229-E4FF-49BB-9BCD-01CCCD43FCD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7B52616-759E-41B3-8983-F721AF87DCA5\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. 
The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.\"}, {\"lang\": \"es\", \"value\": \"Un usuario autenticado puede crear un enlace con c\\u00f3digo Javascript reflejado en su interior para la p\\u00e1gina de gr\\u00e1ficos y enviarlo a otros usuarios. La carga \\u00fatil s\\u00f3lo puede ejecutarse con un valor conocido del token CSRF de la v\\u00edctima, que es cambiado peri\\u00f3dicamente y es dif\\u00edcil de predecir\"}]", id: "CVE-2022-35230", lastModified: "2024-11-21T07:10:56.437", metrics: "{\"cvssMetricV31\": [{\"source\": \"security@zabbix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": 
\"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2022-07-06T11:15:09.020", references: "[{\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\", \"source\": \"security@zabbix.com\"}, {\"url\": \"https://support.zabbix.com/browse/ZBX-21305\", \"source\": \"security@zabbix.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.zabbix.com/browse/ZBX-21305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]", sourceIdentifier: "security@zabbix.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"security@zabbix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-35230\",\"sourceIdentifier\":\"security@zabbix.com\",\"published\":\"2022-07-06T11:15:09.020\",\"lastModified\":\"2024-11-21T07:10:56.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.\"},{\"lang\":\"es\",\"value\":\"Un usuario autenticado puede crear un enlace con código Javascript reflejado en su interior para la página de gráficos y enviarlo a otros usuarios. 
La carga útil sólo puede ejecutarse con un valor conocido del token CSRF de la víctima, que es cambiado periódicamente y es difícil de predecir\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security@zabbix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[
{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.25\",\"matchCriteriaId\":\"F14B0723-57AD-4B46-9C1A-E9C06C2E1716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93246229-E4FF-49BB-9BCD-01CCCD43FCD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7B52616-759E-41B3-8983-F721AF87DCA5\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\",\"source\":\"security@zabbix.com\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-21305\",\"source\":\"security@zabbix.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-21305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}", }, }
opensuse-su-2024:12212-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
zabbix-agent-4.0.42-1.1 on GA media
Notes
Title of the patch
zabbix-agent-4.0.42-1.1 on GA media
Description of the patch
These are all security issues fixed in the zabbix-agent-4.0.42-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12212
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "zabbix-agent-4.0.42-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the zabbix-agent-4.0.42-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-12212", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12212-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-35230 page", url: "https://www.suse.com/security/cve/CVE-2022-35230/", }, ], title: "zabbix-agent-4.0.42-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:12212-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: 
"zabbix-agent-4.0.42-1.1.aarch64", product: { name: "zabbix-agent-4.0.42-1.1.aarch64", product_id: "zabbix-agent-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.42-1.1.aarch64", product: { name: "zabbix-java-gateway-4.0.42-1.1.aarch64", product_id: "zabbix-java-gateway-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.42-1.1.aarch64", product: { name: "zabbix-phpfrontend-4.0.42-1.1.aarch64", product_id: "zabbix-phpfrontend-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-4.0.42-1.1.aarch64", product: { name: "zabbix-proxy-4.0.42-1.1.aarch64", product_id: "zabbix-proxy-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.42-1.1.aarch64", product: { name: "zabbix-proxy-mysql-4.0.42-1.1.aarch64", product_id: "zabbix-proxy-mysql-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", product: { name: "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", product_id: "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", product: { name: "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", product_id: "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-server-4.0.42-1.1.aarch64", product: { name: "zabbix-server-4.0.42-1.1.aarch64", product_id: "zabbix-server-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.42-1.1.aarch64", product: { name: "zabbix-server-mysql-4.0.42-1.1.aarch64", product_id: "zabbix-server-mysql-4.0.42-1.1.aarch64", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.42-1.1.aarch64", product: { name: "zabbix-server-postgresql-4.0.42-1.1.aarch64", product_id: "zabbix-server-postgresql-4.0.42-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", 
name: "zabbix-agent-4.0.42-1.1.ppc64le", product: { name: "zabbix-agent-4.0.42-1.1.ppc64le", product_id: "zabbix-agent-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.42-1.1.ppc64le", product: { name: "zabbix-java-gateway-4.0.42-1.1.ppc64le", product_id: "zabbix-java-gateway-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.42-1.1.ppc64le", product: { name: "zabbix-phpfrontend-4.0.42-1.1.ppc64le", product_id: "zabbix-phpfrontend-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-4.0.42-1.1.ppc64le", product: { name: "zabbix-proxy-4.0.42-1.1.ppc64le", product_id: "zabbix-proxy-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.42-1.1.ppc64le", product: { name: "zabbix-proxy-mysql-4.0.42-1.1.ppc64le", product_id: "zabbix-proxy-mysql-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", product: { name: "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", product_id: "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", product: { name: "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", product_id: "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-server-4.0.42-1.1.ppc64le", product: { name: "zabbix-server-4.0.42-1.1.ppc64le", product_id: "zabbix-server-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.42-1.1.ppc64le", product: { name: "zabbix-server-mysql-4.0.42-1.1.ppc64le", product_id: "zabbix-server-mysql-4.0.42-1.1.ppc64le", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.42-1.1.ppc64le", product: { name: "zabbix-server-postgresql-4.0.42-1.1.ppc64le", product_id: "zabbix-server-postgresql-4.0.42-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: 
"product_version", name: "zabbix-agent-4.0.42-1.1.s390x", product: { name: "zabbix-agent-4.0.42-1.1.s390x", product_id: "zabbix-agent-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.42-1.1.s390x", product: { name: "zabbix-java-gateway-4.0.42-1.1.s390x", product_id: "zabbix-java-gateway-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.42-1.1.s390x", product: { name: "zabbix-phpfrontend-4.0.42-1.1.s390x", product_id: "zabbix-phpfrontend-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-4.0.42-1.1.s390x", product: { name: "zabbix-proxy-4.0.42-1.1.s390x", product_id: "zabbix-proxy-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.42-1.1.s390x", product: { name: "zabbix-proxy-mysql-4.0.42-1.1.s390x", product_id: "zabbix-proxy-mysql-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.42-1.1.s390x", product: { name: "zabbix-proxy-postgresql-4.0.42-1.1.s390x", product_id: "zabbix-proxy-postgresql-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.42-1.1.s390x", product: { name: "zabbix-proxy-sqlite-4.0.42-1.1.s390x", product_id: "zabbix-proxy-sqlite-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-server-4.0.42-1.1.s390x", product: { name: "zabbix-server-4.0.42-1.1.s390x", product_id: "zabbix-server-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.42-1.1.s390x", product: { name: "zabbix-server-mysql-4.0.42-1.1.s390x", product_id: "zabbix-server-mysql-4.0.42-1.1.s390x", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.42-1.1.s390x", product: { name: "zabbix-server-postgresql-4.0.42-1.1.s390x", product_id: "zabbix-server-postgresql-4.0.42-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: 
"zabbix-agent-4.0.42-1.1.x86_64", product: { name: "zabbix-agent-4.0.42-1.1.x86_64", product_id: "zabbix-agent-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.42-1.1.x86_64", product: { name: "zabbix-java-gateway-4.0.42-1.1.x86_64", product_id: "zabbix-java-gateway-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.42-1.1.x86_64", product: { name: "zabbix-phpfrontend-4.0.42-1.1.x86_64", product_id: "zabbix-phpfrontend-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-4.0.42-1.1.x86_64", product: { name: "zabbix-proxy-4.0.42-1.1.x86_64", product_id: "zabbix-proxy-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.42-1.1.x86_64", product: { name: "zabbix-proxy-mysql-4.0.42-1.1.x86_64", product_id: "zabbix-proxy-mysql-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", product: { name: "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", product_id: "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", product: { name: "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", product_id: "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-server-4.0.42-1.1.x86_64", product: { name: "zabbix-server-4.0.42-1.1.x86_64", product_id: "zabbix-server-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.42-1.1.x86_64", product: { name: "zabbix-server-mysql-4.0.42-1.1.x86_64", product_id: "zabbix-server-mysql-4.0.42-1.1.x86_64", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.42-1.1.x86_64", product: { name: "zabbix-server-postgresql-4.0.42-1.1.x86_64", product_id: "zabbix-server-postgresql-4.0.42-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", 
product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", }, product_reference: "zabbix-agent-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-agent-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", }, product_reference: "zabbix-agent-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", }, product_reference: "zabbix-agent-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-java-gateway-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", }, product_reference: "zabbix-java-gateway-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-java-gateway-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", 
product_id: "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-java-gateway-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-java-gateway-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", }, product_reference: "zabbix-java-gateway-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-java-gateway-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", }, product_reference: "zabbix-java-gateway-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-phpfrontend-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", }, product_reference: "zabbix-phpfrontend-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-phpfrontend-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-phpfrontend-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-phpfrontend-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", }, product_reference: "zabbix-phpfrontend-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-phpfrontend-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: 
"openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", }, product_reference: "zabbix-phpfrontend-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", }, product_reference: "zabbix-proxy-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-proxy-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", }, product_reference: "zabbix-proxy-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", }, product_reference: "zabbix-proxy-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-mysql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", }, product_reference: "zabbix-proxy-mysql-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-mysql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", }, product_reference: 
"zabbix-proxy-mysql-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-mysql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", }, product_reference: "zabbix-proxy-mysql-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-mysql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", }, product_reference: "zabbix-proxy-mysql-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-postgresql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", }, product_reference: "zabbix-proxy-postgresql-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-postgresql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", }, product_reference: "zabbix-proxy-postgresql-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-postgresql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE 
Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", }, product_reference: "zabbix-proxy-postgresql-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-sqlite-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", }, product_reference: "zabbix-proxy-sqlite-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-sqlite-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", }, product_reference: "zabbix-proxy-sqlite-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-proxy-sqlite-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", }, product_reference: "zabbix-proxy-sqlite-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", }, product_reference: "zabbix-server-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE 
Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-server-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x", }, product_reference: "zabbix-server-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", }, product_reference: "zabbix-server-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-mysql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", }, product_reference: "zabbix-server-mysql-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-mysql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-server-mysql-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-mysql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", }, product_reference: "zabbix-server-mysql-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-mysql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", }, 
product_reference: "zabbix-server-mysql-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-postgresql-4.0.42-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", }, product_reference: "zabbix-server-postgresql-4.0.42-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-postgresql-4.0.42-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", }, product_reference: "zabbix-server-postgresql-4.0.42-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-postgresql-4.0.42-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", }, product_reference: "zabbix-server-postgresql-4.0.42-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "zabbix-server-postgresql-4.0.42-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64", }, product_reference: "zabbix-server-postgresql-4.0.42-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-35230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-35230", }, ], notes: [ { category: "general", text: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. 
The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", "openSUSE 
Tumbleweed:zabbix-server-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-35230", url: "https://www.suse.com/security/cve/CVE-2022-35230", }, { category: "external", summary: "SUSE Bug 1201290 for CVE-2022-35230", url: "https://bugzilla.suse.com/1201290", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", "openSUSE 
Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-agent-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.ppc64le", "openSUSE 
Tumbleweed:zabbix-java-gateway-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-java-gateway-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-phpfrontend-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.s390x", "openSUSE Tumbleweed:zabbix-server-mysql-4.0.42-1.1.x86_64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.aarch64", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.ppc64le", "openSUSE Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.s390x", "openSUSE 
Tumbleweed:zabbix-server-postgresql-4.0.42-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-35230", }, ], }
ghsa-6f4g-hm4f-cqp3
Vulnerability from github
Published
2022-07-07 00:00
Modified
2022-07-15 00:00
Severity ?
Details
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
{ affected: [], aliases: [ "CVE-2022-35230", ], database_specific: { cwe_ids: [ "CWE-79", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2022-07-06T11:15:00Z", severity: "MODERATE", }, details: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", id: "GHSA-6f4g-hm4f-cqp3", modified: "2022-07-15T00:00:15Z", published: "2022-07-07T00:00:28Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-35230", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, { type: "WEB", url: "https://support.zabbix.com/browse/ZBX-21305", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", type: "CVSS_V3", }, ], }
fkie_cve-2022-35230
Vulnerability from fkie_nvd
Published
2022-07-06 11:15
Modified
2024-11-21 07:10
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", matchCriteriaId: "F14B0723-57AD-4B46-9C1A-E9C06C2E1716", versionEndExcluding: "5.0.25", vulnerable: true, }, { criteria: "cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*", matchCriteriaId: "93246229-E4FF-49BB-9BCD-01CCCD43FCD5", vulnerable: true, }, { criteria: "cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*", matchCriteriaId: "A7B52616-759E-41B3-8983-F721AF87DCA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", }, { lang: "es", value: "Un usuario autenticado puede crear un enlace con código Javascript reflejado en su interior para la página de gráficos y enviarlo a otros usuarios. 
La carga útil sólo puede ejecutarse con un valor conocido del token CSRF de la víctima, que es cambiado periódicamente y es difícil de predecir", }, ], id: "CVE-2022-35230", lastModified: "2024-11-21T07:10:56.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.5, source: "security@zabbix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-06T11:15:09.020", references: [ { source: "security@zabbix.com", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, { source: "security@zabbix.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.zabbix.com/browse/ZBX-21305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.zabbix.com/browse/ZBX-21305", }, ], sourceIdentifier: "security@zabbix.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@zabbix.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
WID-SEC-W-2022-0591
Vulnerability from csaf_certbund
Published
2022-07-06 22:00
Modified
2024-10-03 22:00
Summary
Zabbix: Multiple vulnerabilities allow cross-site scripting
Notes
The BSI, as the provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully reviewing, case by case, the use and/or implementation of the information provided with the content.
Product description
Zabbix is an open-source network monitoring system.
Attack
A remote, authenticated attacker can exploit multiple vulnerabilities in Zabbix to carry out a cross-site scripting attack.
Affected operating systems
- Linux
- MacOS X
- Other
{ document: { aggregate_severity: { text: "niedrig", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0591 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0591.json", }, { category: "self", summary: "WID-SEC-2022-0591 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0591", }, { category: "external", summary: "Zabbix Security Advisory vom 2022-07-06", url: "https://support.zabbix.com/browse/ZBX-21305", }, { category: "external", summary: "Zabbix Security Advisory vom 2022-07-06", url: "https://support.zabbix.com/browse/ZBX-21306", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3101-1 vom 2022-09-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012111.html", }, { category: "external", summary: "Debian Security Advisory 
DLA-3390 vom 2023-04-12", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00014.html", }, { category: "external", summary: "Debian Security Advisory DLA-3390 vom 2023-04-12", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, { category: "external", summary: "Debian Security Advisory DLA-3538 vom 2023-08-22", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6751-1 vom 2024-04-25", url: "https://ubuntu.com/security/notices/USN-6751-1", }, { category: "external", summary: "Debian Security Advisory DLA-3909 vom 2024-10-03", url: "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html", }, ], source_lang: "en-US", title: "Zabbix: Mehrere Schwachstellen ermöglichen Cross-Site Scripting", tracking: { current_release_date: "2024-10-03T22:00:00.000+00:00", generator: { date: "2024-10-04T08:13:32.287+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2022-0591", initial_release_date: "2022-07-06T22:00:00.000+00:00", revision_history: [ { date: "2022-07-06T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-09-06T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-04-12T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-08-22T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-04-25T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Debian aufgenommen", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: 
"vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version_range", name: "Frontend <5.0.25rc1", product: { name: "Zabbix Zabbix Frontend <5.0.25rc1", product_id: "T023739", }, }, { category: "product_version", name: "Frontend 5.0.25rc1", product: { name: "Zabbix Zabbix Frontend 5.0.25rc1", product_id: "T023739-fixed", product_identification_helper: { cpe: "cpe:/a:zabbix:zabbix:frontend__5.0.25rc1", }, }, }, { category: "product_version_range", name: "Frontend <6.0.5rc1", product: { name: "Zabbix Zabbix Frontend <6.0.5rc1", product_id: "T023740", }, }, { category: "product_version", name: "Frontend 6.0.5rc1", product: { name: "Zabbix Zabbix Frontend 6.0.5rc1", product_id: "T023740-fixed", product_identification_helper: { cpe: "cpe:/a:zabbix:zabbix:frontend__6.0.5rc1", }, }, }, { category: "product_version_range", name: "Frontend <6.2.0rc1", product: { name: "Zabbix Zabbix Frontend <6.2.0rc1", product_id: "T023741", }, }, { category: "product_version", name: "Frontend 6.2.0rc1", product: { name: "Zabbix Zabbix Frontend 6.2.0rc1", product_id: "T023741-fixed", product_identification_helper: { cpe: "cpe:/a:zabbix:zabbix:frontend__6.2.0rc1", }, }, }, ], category: "product_name", name: "Zabbix", }, ], category: "vendor", name: "Zabbix", }, ], }, vulnerabilities: [ { cve: "CVE-2022-35229", notes: [ { category: "description", text: "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. 
HTML und Script-Eingaben werden in der Graph-Seite und der Entdecken-Seite nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "T023740", "T023741", "T023739", ], }, release_date: "2022-07-06T22:00:00.000+00:00", title: "CVE-2022-35229", }, { cve: "CVE-2022-35230", notes: [ { category: "description", text: "In Zabbix existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der Graph-Seite und der Entdecken-Seite nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "T023740", "T023741", "T023739", ], }, release_date: "2022-07-06T22:00:00.000+00:00", title: "CVE-2022-35230", }, ], }
gsd-2022-35230
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
Aliases
{ GSD: { alias: "CVE-2022-35230", description: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", id: "GSD-2022-35230", references: [ "https://www.suse.com/security/cve/CVE-2022-35230.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-35230", ], details: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", id: "GSD-2022-35230", modified: "2023-12-13T01:19:33.498992Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { AKA: "ZBV-2022-04-2", ASSIGNER: "security@zabbix.com", DATE_PUBLIC: "2022-04-27T12:50:00.000Z", ID: "CVE-2022-35230", STATE: "PUBLIC", TITLE: "Reflected XSS in graphs page of Zabbix Frontend", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Frontend", version: { version_data: [ { version_affected: "=", version_value: "4.0.0-4.0.42", }, { version_affected: "=", version_value: "5.0.0-5.0.24", }, ], }, }, ], }, vendor_name: "Zabbix", }, ], }, }, credit: [ { lang: "eng", value: "internal research", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. 
The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Cross-site Scripting (XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.zabbix.com/browse/ZBX-21305", refsource: "MISC", url: "https://support.zabbix.com/browse/ZBX-21305", }, { name: "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, ], }, solution: [ { lang: "eng", value: "To remediate this vulnerability, apply the updates", }, ], source: { discovery: "INTERNAL", }, work_around: [ { lang: "eng", value: "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the graphs.php page of Zabbix Frontend and contain suspicious parameters with special symbols. 
If you have clicked on the suspicious link, do not fill out the opened form", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.0.25", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:zabbix:zabbix:5.0.25:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@zabbix.com", ID: "CVE-2022-35230", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "N/A", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.zabbix.com/browse/ZBX-21305", }, { name: "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update", refsource: "MLIST", tags: [], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: 
"LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, }, }, lastModifiedDate: "2023-04-12T16:15Z", publishedDate: "2022-07-06T11:15Z", }, }, }
suse-su-2022:3101-1
Vulnerability from csaf_suse
Published
2022-09-06 07:47
Modified
2022-09-06 07:47
Summary
Security update for zabbix
Notes
Title of the patch
Security update for zabbix
Description of the patch
This update for zabbix fixes the following issues:
- CVE-2022-35230: Javascript embedded in links for graphs page will be executed (bsc#1201290).
Patchnames
SUSE-2022-3101,SUSE-SLE-SERVER-12-SP5-2022-3101
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for zabbix", title: "Title of the patch", }, { category: "description", text: "This update for zabbix fixes the following issues:\n\n- CVE-2022-35230: Javascript embedded in links for graphs page will be executed (bsc#1201290).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3101,SUSE-SLE-SERVER-12-SP5-2022-3101", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3101-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3101-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223101-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3101-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012111.html", }, { category: "self", summary: "SUSE Bug 1201290", url: "https://bugzilla.suse.com/1201290", }, { category: "self", summary: "SUSE CVE CVE-2022-35230 page", url: "https://www.suse.com/security/cve/CVE-2022-35230/", }, ], title: "Security update for zabbix", tracking: { current_release_date: "2022-09-06T07:47:57Z", generator: { date: 
"2022-09-06T07:47:57Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3101-1", initial_release_date: "2022-09-06T07:47:57Z", revision_history: [ { date: "2022-09-06T07:47:57Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "zabbix-agent-4.0.12-4.18.1.aarch64", product: { name: "zabbix-agent-4.0.12-4.18.1.aarch64", product_id: "zabbix-agent-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.12-4.18.1.aarch64", product: { name: "zabbix-java-gateway-4.0.12-4.18.1.aarch64", product_id: "zabbix-java-gateway-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.12-4.18.1.aarch64", product: { name: "zabbix-phpfrontend-4.0.12-4.18.1.aarch64", product_id: "zabbix-phpfrontend-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-4.0.12-4.18.1.aarch64", product: { name: "zabbix-proxy-4.0.12-4.18.1.aarch64", product_id: "zabbix-proxy-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.12-4.18.1.aarch64", product: { name: "zabbix-proxy-mysql-4.0.12-4.18.1.aarch64", product_id: "zabbix-proxy-mysql-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.12-4.18.1.aarch64", product: { name: "zabbix-proxy-postgresql-4.0.12-4.18.1.aarch64", product_id: "zabbix-proxy-postgresql-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.12-4.18.1.aarch64", product: { name: "zabbix-proxy-sqlite-4.0.12-4.18.1.aarch64", product_id: "zabbix-proxy-sqlite-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-server-4.0.12-4.18.1.aarch64", product: { name: "zabbix-server-4.0.12-4.18.1.aarch64", product_id: "zabbix-server-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", 
name: "zabbix-server-mysql-4.0.12-4.18.1.aarch64", product: { name: "zabbix-server-mysql-4.0.12-4.18.1.aarch64", product_id: "zabbix-server-mysql-4.0.12-4.18.1.aarch64", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.12-4.18.1.aarch64", product: { name: "zabbix-server-postgresql-4.0.12-4.18.1.aarch64", product_id: "zabbix-server-postgresql-4.0.12-4.18.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "zabbix-agent-4.0.12-4.18.1.i586", product: { name: "zabbix-agent-4.0.12-4.18.1.i586", product_id: "zabbix-agent-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.12-4.18.1.i586", product: { name: "zabbix-java-gateway-4.0.12-4.18.1.i586", product_id: "zabbix-java-gateway-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.12-4.18.1.i586", product: { name: "zabbix-phpfrontend-4.0.12-4.18.1.i586", product_id: "zabbix-phpfrontend-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-proxy-4.0.12-4.18.1.i586", product: { name: "zabbix-proxy-4.0.12-4.18.1.i586", product_id: "zabbix-proxy-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.12-4.18.1.i586", product: { name: "zabbix-proxy-mysql-4.0.12-4.18.1.i586", product_id: "zabbix-proxy-mysql-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.12-4.18.1.i586", product: { name: "zabbix-proxy-postgresql-4.0.12-4.18.1.i586", product_id: "zabbix-proxy-postgresql-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.12-4.18.1.i586", product: { name: "zabbix-proxy-sqlite-4.0.12-4.18.1.i586", product_id: "zabbix-proxy-sqlite-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-server-4.0.12-4.18.1.i586", product: { name: "zabbix-server-4.0.12-4.18.1.i586", product_id: "zabbix-server-4.0.12-4.18.1.i586", }, }, { 
category: "product_version", name: "zabbix-server-mysql-4.0.12-4.18.1.i586", product: { name: "zabbix-server-mysql-4.0.12-4.18.1.i586", product_id: "zabbix-server-mysql-4.0.12-4.18.1.i586", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.12-4.18.1.i586", product: { name: "zabbix-server-postgresql-4.0.12-4.18.1.i586", product_id: "zabbix-server-postgresql-4.0.12-4.18.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "zabbix-agent-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-agent-4.0.12-4.18.1.ppc64le", product_id: "zabbix-agent-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-java-gateway-4.0.12-4.18.1.ppc64le", product_id: "zabbix-java-gateway-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-phpfrontend-4.0.12-4.18.1.ppc64le", product_id: "zabbix-phpfrontend-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-proxy-4.0.12-4.18.1.ppc64le", product_id: "zabbix-proxy-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-proxy-mysql-4.0.12-4.18.1.ppc64le", product_id: "zabbix-proxy-mysql-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-proxy-postgresql-4.0.12-4.18.1.ppc64le", product_id: "zabbix-proxy-postgresql-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-proxy-sqlite-4.0.12-4.18.1.ppc64le", product_id: "zabbix-proxy-sqlite-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-server-4.0.12-4.18.1.ppc64le", product: { name: 
"zabbix-server-4.0.12-4.18.1.ppc64le", product_id: "zabbix-server-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-server-mysql-4.0.12-4.18.1.ppc64le", product_id: "zabbix-server-mysql-4.0.12-4.18.1.ppc64le", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.12-4.18.1.ppc64le", product: { name: "zabbix-server-postgresql-4.0.12-4.18.1.ppc64le", product_id: "zabbix-server-postgresql-4.0.12-4.18.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "zabbix-agent-4.0.12-4.18.1.s390", product: { name: "zabbix-agent-4.0.12-4.18.1.s390", product_id: "zabbix-agent-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.12-4.18.1.s390", product: { name: "zabbix-java-gateway-4.0.12-4.18.1.s390", product_id: "zabbix-java-gateway-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.12-4.18.1.s390", product: { name: "zabbix-phpfrontend-4.0.12-4.18.1.s390", product_id: "zabbix-phpfrontend-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-proxy-4.0.12-4.18.1.s390", product: { name: "zabbix-proxy-4.0.12-4.18.1.s390", product_id: "zabbix-proxy-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.12-4.18.1.s390", product: { name: "zabbix-proxy-mysql-4.0.12-4.18.1.s390", product_id: "zabbix-proxy-mysql-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.12-4.18.1.s390", product: { name: "zabbix-proxy-postgresql-4.0.12-4.18.1.s390", product_id: "zabbix-proxy-postgresql-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.12-4.18.1.s390", product: { name: "zabbix-proxy-sqlite-4.0.12-4.18.1.s390", product_id: "zabbix-proxy-sqlite-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: 
"zabbix-server-4.0.12-4.18.1.s390", product: { name: "zabbix-server-4.0.12-4.18.1.s390", product_id: "zabbix-server-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.12-4.18.1.s390", product: { name: "zabbix-server-mysql-4.0.12-4.18.1.s390", product_id: "zabbix-server-mysql-4.0.12-4.18.1.s390", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.12-4.18.1.s390", product: { name: "zabbix-server-postgresql-4.0.12-4.18.1.s390", product_id: "zabbix-server-postgresql-4.0.12-4.18.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "zabbix-agent-4.0.12-4.18.1.s390x", product: { name: "zabbix-agent-4.0.12-4.18.1.s390x", product_id: "zabbix-agent-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.12-4.18.1.s390x", product: { name: "zabbix-java-gateway-4.0.12-4.18.1.s390x", product_id: "zabbix-java-gateway-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.12-4.18.1.s390x", product: { name: "zabbix-phpfrontend-4.0.12-4.18.1.s390x", product_id: "zabbix-phpfrontend-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-4.0.12-4.18.1.s390x", product: { name: "zabbix-proxy-4.0.12-4.18.1.s390x", product_id: "zabbix-proxy-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.12-4.18.1.s390x", product: { name: "zabbix-proxy-mysql-4.0.12-4.18.1.s390x", product_id: "zabbix-proxy-mysql-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.12-4.18.1.s390x", product: { name: "zabbix-proxy-postgresql-4.0.12-4.18.1.s390x", product_id: "zabbix-proxy-postgresql-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.12-4.18.1.s390x", product: { name: "zabbix-proxy-sqlite-4.0.12-4.18.1.s390x", product_id: "zabbix-proxy-sqlite-4.0.12-4.18.1.s390x", }, }, { category: 
"product_version", name: "zabbix-server-4.0.12-4.18.1.s390x", product: { name: "zabbix-server-4.0.12-4.18.1.s390x", product_id: "zabbix-server-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.12-4.18.1.s390x", product: { name: "zabbix-server-mysql-4.0.12-4.18.1.s390x", product_id: "zabbix-server-mysql-4.0.12-4.18.1.s390x", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.12-4.18.1.s390x", product: { name: "zabbix-server-postgresql-4.0.12-4.18.1.s390x", product_id: "zabbix-server-postgresql-4.0.12-4.18.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "zabbix-agent-4.0.12-4.18.1.x86_64", product: { name: "zabbix-agent-4.0.12-4.18.1.x86_64", product_id: "zabbix-agent-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-java-gateway-4.0.12-4.18.1.x86_64", product: { name: "zabbix-java-gateway-4.0.12-4.18.1.x86_64", product_id: "zabbix-java-gateway-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-phpfrontend-4.0.12-4.18.1.x86_64", product: { name: "zabbix-phpfrontend-4.0.12-4.18.1.x86_64", product_id: "zabbix-phpfrontend-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-4.0.12-4.18.1.x86_64", product: { name: "zabbix-proxy-4.0.12-4.18.1.x86_64", product_id: "zabbix-proxy-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-mysql-4.0.12-4.18.1.x86_64", product: { name: "zabbix-proxy-mysql-4.0.12-4.18.1.x86_64", product_id: "zabbix-proxy-mysql-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-postgresql-4.0.12-4.18.1.x86_64", product: { name: "zabbix-proxy-postgresql-4.0.12-4.18.1.x86_64", product_id: "zabbix-proxy-postgresql-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-proxy-sqlite-4.0.12-4.18.1.x86_64", product: { name: "zabbix-proxy-sqlite-4.0.12-4.18.1.x86_64", product_id: 
"zabbix-proxy-sqlite-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-server-4.0.12-4.18.1.x86_64", product: { name: "zabbix-server-4.0.12-4.18.1.x86_64", product_id: "zabbix-server-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-server-mysql-4.0.12-4.18.1.x86_64", product: { name: "zabbix-server-mysql-4.0.12-4.18.1.x86_64", product_id: "zabbix-server-mysql-4.0.12-4.18.1.x86_64", }, }, { category: "product_version", name: "zabbix-server-postgresql-4.0.12-4.18.1.x86_64", product: { name: "zabbix-server-postgresql-4.0.12-4.18.1.x86_64", product_id: "zabbix-server-postgresql-4.0.12-4.18.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", }, product_reference: "zabbix-agent-4.0.12-4.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 
SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", }, product_reference: "zabbix-agent-4.0.12-4.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", }, product_reference: "zabbix-agent-4.0.12-4.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", }, product_reference: "zabbix-agent-4.0.12-4.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", }, product_reference: "zabbix-agent-4.0.12-4.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", }, product_reference: "zabbix-agent-4.0.12-4.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP 
Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", }, product_reference: "zabbix-agent-4.0.12-4.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "zabbix-agent-4.0.12-4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", }, product_reference: "zabbix-agent-4.0.12-4.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2022-35230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-35230", }, ], notes: [ { category: "general", text: "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-35230", url: "https://www.suse.com/security/cve/CVE-2022-35230", }, { category: "external", summary: 
"SUSE Bug 1201290 for CVE-2022-35230", url: "https://bugzilla.suse.com/1201290", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-06T07:47:57Z", details: "moderate", }, ], title: "CVE-2022-35230", }, ], }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.