7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
0.716 High
EPSS
Percentile
98.1%
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inputs. A remote
attacker could possibly use this issue to execute arbitrary SQL commands.
This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338)
It was discovered that Zabbix incorrectly handled the request parameter. A
remote attacker could possibly use this issue to redirect requests to
external links. This issue only affected Ubuntu 14.04 ESM and
Ubuntu 18.04 ESM. (CVE-2016-10742)
It was discovered that Zabbix incorrectly handled failed login attempts. A
remote attacker could possibly use this issue to enumerate users.
(CVE-2019-15132)
It was discovered that Zabbix did not properly validate input. A remote
attacker could exploit this to conduct cross-site scripting (XSS) attacks.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2020-15803)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.04 | noarch | zabbix-java-gateway | <ย 1:4.0.17+dfsg-1ubuntu0.1~esm1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-agent | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-agent-dbgsym | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-frontend-php | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-java-gateway | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-proxy-mysql | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-proxy-mysql-dbgsym | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-proxy-pgsql | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-proxy-pgsql-dbgsym | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | zabbix-proxy-sqlite3 | <ย 1:4.0.17+dfsg-1 | UNKNOWN |
ubuntu.com/security/CVE-2014-3005
ubuntu.com/security/CVE-2016-10134
ubuntu.com/security/CVE-2016-10742
ubuntu.com/security/CVE-2016-4338
ubuntu.com/security/CVE-2017-2824
ubuntu.com/security/CVE-2017-2825
ubuntu.com/security/CVE-2019-15132
ubuntu.com/security/CVE-2020-11800
ubuntu.com/security/CVE-2020-15803
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
0.716 High
EPSS
Percentile
98.1%