CVE-2024-22121 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Zabbix	CNA	6.1 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Vendor	Product	Version
zabbix	zabbix	5.0.0 ≤ 𝑥 ≤ 5.0.42
zabbix	zabbix	6.0.0 ≤ 𝑥 ≤ 6.0.30
zabbix	zabbix	6.4.0 ≤ 𝑥 ≤ 6.4.15
zabbix	zabbix	7.0.0:alpha1
zabbix	zabbix	7.0.0:alpha2
zabbix	zabbix	7.0.0:alpha3
zabbix	zabbix	7.0.0:alpha4
zabbix	zabbix	7.0.0:alpha5
zabbix	zabbix	7.0.0:alpha6
zabbix	zabbix	7.0.0:alpha7
zabbix	zabbix	7.0.0:alpha8
zabbix	zabbix	7.0.0:alpha9
zabbix	zabbix	7.0.0:beta1
zabbix	zabbix	7.0.0:beta2
zabbix	zabbix	7.0.0:beta3
zabbix	zabbix	7.0.0:rc1
zabbix	zabbix	7.0.0:rc2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

zabbix

bullseye	1:5.0.8+dfsg-1 fixed
bullseye (security)	1:5.0.46+dfsg-1+deb11u1 fixed
bookworm	1:6.0.14+dfsg-1 fixed
sid	1:7.0.10+dfsg-2 fixed
trixie	1:7.0.10+dfsg-2 fixed

Common Weakness Enumeration

CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

https://support.zabbix.com/browse/ZBX-25011