Zabbix Server Product Security Update Advisory

Overview


An update has been released to address a vulnerability in the Zabbix Server product. Users of affected versions are advised to update to the latest version.


Affected Products


  • Zabbix Server versions: 6.0.0 (inclusive) to 6.0.27 (inclusive)
  • Zabbix Server versions: 6.4.0 (inclusive) to 6.4.12 (inclusive)
  • Zabbix Server versions: 7.0.0alpha1 (inclusive) to 7.0.0beta1 (inclusive)


Resolved Vulnerabilities


Time-based blind SQL injection: when a command is executed, an audit entry is added to the “audit log”, and the “clientip” field of that entry is not sanitized (CVE-2024-22120)


Vulnerability Patches


Vulnerability patches have been made available in the latest update. Please follow the instructions on the referenced sites to update to the patched version.


Zabbix Server versions 6.0.28rc1, 6.4.13rc1, 7.0.0beta2
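As an added example (not from this advisory or from Zabbix), a short Python check that parses Zabbix version strings, including the alpha/beta/rc suffixes used in the ranges above, and reports whether a server falls in an affected range and which fixed build to move to. The `zabbix_server -V` banner format it reads is an assumption, and the sample banner is constructed.

```python
import re
from typing import Tuple

# Pre-release ordering used in Zabbix version strings: alpha < beta < rc < final release.
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(alpha|beta|rc)?(\d+)?$")

# Affected ranges exactly as listed in the advisory, inclusive at both ends.
AFFECTED_RANGES = [("6.0.0", "6.0.27"), ("6.4.0", "6.4.12"), ("7.0.0alpha1", "7.0.0beta1")]
# First fixed build on each branch, from the advisory.
FIXED_VERSIONS = {(6, 0): "6.0.28rc1", (6, 4): "6.4.13rc1", (7, 0): "7.0.0beta2"}


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '6.0.28rc1' into a sortable tuple (major, minor, patch, stage, stage_no)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {text!r}")
    major, minor, patch, stage, stage_no = m.groups()
    return (int(major), int(minor), int(patch), STAGE_RANK[stage or ""], int(stage_no or 0))


def is_affected(version: str) -> bool:
    """True if `version` falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_banner(banner: str) -> str:
    """Pull the version out of `zabbix_server -V` output.

    Assumes a first line of the form 'zabbix_server (Zabbix) 6.0.27' (an assumption
    about the banner format; the sample below is constructed, not captured).
    """
    m = re.search(r"\(Zabbix\)\s+(\S+)", banner)
    if not m:
        raise ValueError("no Zabbix version found in banner")
    return m.group(1)


def assess(banner: str) -> str:
    """One-line verdict for an operator: affected (and what to upgrade to) or not."""
    version = version_from_banner(banner)
    if not is_affected(version):
        return f"{version}: not in an affected range for CVE-2024-22120"
    major, minor = parse_version(version)[:2]
    return f"{version}: AFFECTED by CVE-2024-22120, upgrade to {FIXED_VERSIONS[(major, minor)]} or later"


# Constructed sample banner, not captured from a real host.
SAMPLE_BANNER = "zabbix_server (Zabbix) 6.0.27\nRevision (constructed sample)\n"
```

Call `assess(SAMPLE_BANNER)` (or pass the real `zabbix_server -V` output) to get the verdict for a host.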


Referenced Sites


[1] CVE-2024-22120 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-22120

[2] Zabbix Server Audit Log Time-Based SQL Injection Vulnerability (CVE-2024-22120)

https://threatprotect.qualys.com/2024/05/20/zabbix-server-audit-log-time-based-sql-injection-vulnerability-cve-2024-22120/

[3] Time Based SQL Injection in Zabbix Server Audit Log (CVE-2024-22120)

https://support.zabbix.com/browse/ZBX-24505