cpe:2.3:a:zabbix:zabbix_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Zabbix (8857f8ff-2020-5e62-b9b7-687960752062)
Product: Zabbix Server (e78164f6-c939-5a0e-bc65-a3f5a01c7cfb)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-22120 vulnerable 2026-06-08 06:29:33.816187 Time Based SQL Injection in Zabbix Server Audit Log
CRITICAL (9.1)
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection.
Published: 2024-05-17T09:53:52.798Z
Updated: 2024-08-01T22:35:34.820Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32727 vulnerable 2026-06-08 06:04:47.093505 Code execution vulnerability in icmpping
MEDIUM (6.8)
An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Published: 2023-12-18T09:18:48.446Z
Updated: 2025-11-03T21:48:41.788Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32725 vulnerable 2026-06-08 06:04:47.085997 Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget.
CRITICAL (9.6)
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Published: 2023-12-18T09:15:23.931Z
Updated: 2024-08-02T15:25:36.630Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-2824 vulnerable 2026-06-08 05:09:26.024128 Details available
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Published: 2017-05-24T14:00:00.000Z
Updated: 2024-08-05T14:09:16.849Z
Imported from gcve-enriched-dumps CVE data
