Skip to main content

Zabbix Agent2

3 CVEs product

Monthly

CVE-2023-32728 CRITICAL Act Now

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zabbix Zabbix Agent2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29453 CRITICAL Act Now

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Google Zabbix Agent2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-46768 MEDIUM PATCH This Month

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zabbix Information Disclosure Web Service Report Generation Zabbix Agent2
NVD
CVSS 3.1
5.9
EPSS
47.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zabbix Zabbix Agent2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Google +1
NVD
EPSS 48% CVSS 5.9
MEDIUM PATCH This Month

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zabbix Information Disclosure Web Service Report Generation +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy