CVE-2020-11800 — Zabbix vulnerability

10 documents7 sources

Severity

9.8CRITICALNVD

EPSS

47.8%

top 2.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Linux Opensuse Backports SLE +1 more

Timeline

PublishedOct 7

Latest updateJun 15

Description

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDzabbix/zabbix2.2.0 — 3.0.31+1

▶Debianzabbix/zabbix< 1:4.0.0+dfsg-1+3

▶Ubuntuzabbix/zabbix< 1:2.2.2+dfsg-1ubuntu1+esm4+3

▶NVDopensuse/leap15.1, 15.2+1

▶NVDopensuse/backports_sle15.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

zabbix vulnerabilities↗2022-06-15

▶

GHSA

GHSA-cv5w-5v87-ffvf: Zabbix Server 2↗2022-05-24

▶

CVEList

CVE-2020-11800: Zabbix Server 2↗2020-10-07

▶

OSV

CVE-2020-11800: Zabbix Server 2↗2020-10-07

▶

📋Vendor Advisories

Ubuntu

Zabbix vulnerabilities↗2022-06-15

▶

Debian

CVE-2020-11800: zabbix - Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to ...↗2020

▶

💬Community

Bugzilla

CVE-2020-11800 zabbix30: zabbix: allows remote attackers to execute arbitrary code [epel-7]↗2020-10-08

▶

Bugzilla

CVE-2020-11800 zabbix: allows remote attackers to execute arbitrary code↗2020-10-08

▶

Bugzilla

CVE-2020-11800 zabbix22: zabbix: allows remote attackers to execute arbitrary code [epel-6]↗2020-10-08

▶