Zabbix Server vulnerabilities
3 known vulnerabilities affecting zabbix/zabbix_server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2023-32727 | HIGH | CVSS 7.2 | CWE-20 | Affected: ≥ 4.0.0, ≤ 4.0.49; ≥ 5.0.0, ≤ 5.0.38; +3 more | 2023-12-18
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Source: nvd
CVE-2023-32725 | HIGH | CVSS 8.8 | CWE-565 | Affected: ≥ 6.0.0, ≤ 6.0.21; ≥ 6.4.0, ≤ 6.4.6; +1 more | 2023-12-18
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Source: nvd
CVE-2017-2824 | HIGH | CVSS 8.1 | CWE-78 | Affected: v2.4.8.r1 | 2017-05-24
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Sources: cvelistv5, nvd