CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-11800

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile32.93th
Published2020年10月7日
Last Modified2024年11月21日

Vulnerability Description

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

Affected Platforms (CPE)

📦
Zabbix

Zabbix

>= 2.2.0 and < 3.0.31
📦
Zabbix

Zabbix

= 3.2.0
📦
Opensuse

Backports Sle

= 15.0
📦
Opensuse

Backports Sle

= 15.0
💻
Opensuse

Leap

= 15.1
💻
Opensuse

Leap

= 15.2
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
🔗 https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
🔗 https://support.zabbix.com/browse/DEV-1538
🔗 https://support.zabbix.com/browse/ZBX-17600
🔗 https://support.zabbix.com/browse/ZBXSEC-30
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
🔗 https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
🔗 https://support.zabbix.com/browse/DEV-1538

関連する脆弱性情報

CVE-2007-064010.0

Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

CVE-2013-37389.8

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which coul...

CVE-2013-57439.8

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

CVE-2014-30059.8

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x...