CVE-2022-46768
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zabbix | Web Service Report Generation | 6.0.0-6.0.11 | affected |
| Zabbix | Web Service Report Generation | 6.2.0-6.2.5 | affected |
| Zabbix | Zabbix agent 2 (MSI packages) | 6.0.12rc1 < unspecified | unaffected |
| Zabbix | Zabbix agent 2 (MSI packages) | 6.2.6rc1 < unspecified | unaffected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
Workarounds
If an immediate update is not possible, limit network access to Zabbix Web Service Report Generation.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.