CVE-2024-42327
CVSS 3.1 Score 9.9 of 10 (high)
Details
Summary
CVE-2024-42327 is a newly disclosed SQL injection vulnerability in the Zabbix frontend. It can be exploited by non-admin user accounts that have API access. The affected function is addRelatedObjects in the CUser class. The vulnerability is significant because any user with API access can exploit it: addRelatedObjects is called from the CUser.get function, which is widely accessible. The consequences of this vulnerability are not fully understood at this time, but it poses a potential risk to Zabbix installations. Affected organizations should apply the necessary patches as soon as possible to mitigate this threat.
Affected Products
- Zabbix
Affected Vendors
- Zabbix LLC