Zabbix up to 4.4 Dashboard Page zabbix.php improper authentication


A vulnerability has been found in Zabbix up to 4.4 (Network Management Software) and classified as critical. This vulnerability affects unknown code in the file zabbix.php?action=dashboard.view&dashboardid=1 of the component Dashboard Page. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 9450410 | 09/29/2020 | VulD... | cve_nvd_summary | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. | mitre.org | 09/29/2020 | accepted | 100 |
| 9450409 | 09/29/2020 | VulD... | cve_assigned | 1570579200 | mitre.org | 09/29/2020 | accepted | 100 |
| 9450405 | 09/29/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450404 | 09/29/2020 | VulD... | cvss3_nvd_i | H | nist.gov | 09/29/2020 | accepted | 100 |
| 9450403 | 09/29/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 09/29/2020 | accepted | 100 |
| 9450402 | 09/29/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 09/29/2020 | accepted | 100 |
| 9450401 | 09/29/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450400 | 09/29/2020 | VulD... | cvss3_nvd_pr | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450399 | 09/29/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 09/29/2020 | accepted | 100 |
| 9450398 | 09/29/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450385 | 09/29/2020 | VulD... | cvss2_nvd_ai | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450384 | 09/29/2020 | VulD... | cvss2_nvd_ii | P | nist.gov | 09/29/2020 | accepted | 100 |
| 9450383 | 09/29/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 09/29/2020 | accepted | 100 |
| 9450382 | 09/29/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450381 | 09/29/2020 | VulD... | cvss2_nvd_ac | L | nist.gov | 09/29/2020 | accepted | 100 |
| 9450380 | 09/29/2020 | VulD... | cvss2_nvd_av | N | nist.gov | 09/29/2020 | accepted | 100 |
| 9450370 | 09/29/2020 | VulD... | cwe | 287 (weak authentication) | | 09/29/2020 | accepted | 100 |
| 9450365 | 09/29/2020 | VulD... | type | Network Management Software | | 09/29/2020 | accepted | 100 |
| 9450417 | 10/10/2019 | VulD... | cvss3_nvd_basescore | 9.1 | nist.gov | 10/10/2019 | accepted | 90 |
| 9450416 | 10/10/2019 | VulD... | cvss3_vuldb_rc | X | | 10/10/2019 | accepted | 90 |
