Lucene search
Copyright (C) 2022 Greenbone Networks GmbHOPENVAS:1361412562310822478HistorySep 19, 2022 - 12:00 a.m.
Fedora: Security Advisory for zabbix (FEDORA-2022-0d56cb7ee4)
2022-09-1900:00:00
Copyright (C) 2022 Greenbone Networks GmbH
plugins.openvas.org
4
fedora
security
advisory
zabbix
package
update
vulnerable
monitoring
network
server
notification
email
reporting
visualization
polling
trapping
web-based
infrastructure
it
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.5%
The remote host is missing an update for the
# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.822478");
script_version("2023-10-18T05:05:17+0000");
script_cve_id("CVE-2022-40626");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_tag(name:"last_modification", value:"2023-10-18 05:05:17 +0000 (Wed, 18 Oct 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-09-16 03:15:00 +0000 (Fri, 16 Sep 2022)");
script_tag(name:"creation_date", value:"2022-09-19 01:15:20 +0000 (Mon, 19 Sep 2022)");
script_name("Fedora: Security Advisory for zabbix (FEDORA-2022-0d56cb7ee4)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC37");
script_xref(name:"Advisory-ID", value:"FEDORA-2022-0d56cb7ee4");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G");
script_tag(name:"summary", value:"The remote host is missing an update for the 'zabbix'
package(s) announced via the FEDORA-2022-0d56cb7ee4 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Zabbix is software that monitors numerous parameters of a network and the
health and integrity of servers. Zabbix uses a flexible notification mechanism
that allows users to configure e-mail based alerts for virtually any event.
This allows a fast reaction to server problems. Zabbix offers excellent
reporting and data visualization features based on the stored data.
This makes Zabbix ideal for capacity planning.
Zabbix supports both polling and trapping. All Zabbix reports and statistics,
as well as configuration parameters are accessed through a web-based front end.
A web-based front end ensures that the status of your network and the health of
your servers can be assessed from any location. Properly configured, Zabbix can
play an important role in monitoring IT infrastructure. This is equally true
for small organizations with a few servers and for large companies with a
multitude of servers.");
script_tag(name:"affected", value:"'zabbix' package(s) on Fedora 37.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "FC37") {
if(!isnull(res = isrpmvuln(pkg:"zabbix", rpm:"zabbix~6.0.8~1.fc37", rls:"FC37"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
ubuntucve
ubuntucve
CVE-2022-40626
2022-09-14 00:00:00
cvelist
cvelist
CVE-2022-40626 Reflected XSS in the backurl parameter of Zabbix Frontend
2022-07-08 00:00:00
nvd
nvd
CVE-2022-40626
2022-09-14 11:15:53
osv
osv
CVE-2022-40626
2022-09-14 11:15:53
cve
cve
CVE-2022-40626
2022-09-14 11:15:53
prion
prion
Code injection
2022-09-14 11:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: zabbix-6.0.8-1.fc37
2022-09-19 00:23:13
debiancve
debiancve
CVE-2022-40626
2022-09-14 11:15:53
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.5%
Related for OPENVAS:1361412562310822478