Get Started

Monitoring

Selected category
13 Aug 2024 DevOps
Zabbix: Arbitrary Code Execution via Monitoring Hosts

In Zabbix a critical severity vulnerability CVE-2024-22116 was detected. A restricted-permission admin can exploit the Monitoring Hosts script execution to run arbitrary code via the Ping script, risking infrastructure compromise. To address this issue users should upgrade to versions 6.4.16 RC1 or above, 7.0.0 RC3 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-22116.

 Read more Monitoring
13 Aug 2024 DevOps
Zabbix: Upgrade for Addressing Critical Vulnerability

In Zabbix versions 6.0.30, 6.4.15 and 7.0.0 a critical severity vulnerability CVE-2024-36461 was detected. This allows attackers to overload the system and make it unavailable by consuming excessive resources through the Banzai pipeline. To fix this problem, users should upgrade Zabbix to versions 6.0.31rc1, 6.4.16rc1, and 7.0.1rc1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36461.

 Read more Monitoring
13 Aug 2024 DevOps
Zabbix: Resolving Plaintext Password Exposure Vulnerability

In Zabbix versions from 5.0.0 prior to 5.0.42, 6.0.0 prior to 6.0.30, 6.4.0 prior to 6.4.15, and 7.0.0alpha1 prior to 7.0.0 a high severity vulnerability CVE-2024-36460 was detected. This vulnerability allows attackers to view and steal unprotected passwords directly from the audit log, potentially leading to unauthorized access and impersonation. To fix this problem, users should upgrade Zabbix to versions 5.0.43rc1, 6.0.31rc1, 6.4.16rc1 and 7.0.1rc1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36461.

 Read more Monitoring
30 Jun 2024 DevOps
Zabbix: Critical server vulnerability wich allows to injection SQL into “clientip” and exploit time based blind SQL injection

In Zabbix version 6.0.0 – 7.0.0alpha1 a critical vulnerability CVE-2024-22120 was detected. This vulnerability allows the attacker to perform command execution for configured scripts. After it is possible to inject SQL into “clientip” and exploit time based blind SQL injection. To address this issue, users are advised to upgrade to the version 7.0.0 beta1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22120/.

 Read more Monitoring
13 Jun 2024 DevOps
Zabbix: Critical Server SQL Injection Vulnerability via “clientip”

In Zabbix version 6.0.0 – 7.0.0alpha1 a critical vulnerability CVE-2024-22120 was detected. This vulnerability allows command execution and SQL injection via “clientip.” Users should upgrade to version 7.0.0 beta1 to fix this issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-22120/.

 Read more Monitoring