CVE-2022-46768

Summary

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.

Affected Software

VendorProductVersion RangeStatus
ZabbixWeb Service Report Generation6.0.0-6.0.11affected
ZabbixWeb Service Report Generation6.2.0-6.2.5affected
ZabbixZabbix agent 2 (MSI packages)6.0.12rc1 < unspecifiedunaffected
ZabbixZabbix agent 2 (MSI packages)6.2.6rc1 < unspecifiedunaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

If an immediate update is not possible, limit network access to Zabbix Web Service Report Generation.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References