NVD disclosure day

Published threat advisories for January 13, 2022

CVE-2022-23134

Zabbix Frontend Configuration Change Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in Zabbix Frontend's setup process, allowing unauthenticated users to alter system configurations. This could disrupt monitoring operations or impact system integrity. Affected organizations should apply vendor updates.

NVD published: January 13, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-23131

Zabbix Frontend Authentication Bypass and Privilege Escalation

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Zabbix Frontend, when SAML SSO is enabled, allows an unauthenticated actor to modify session data and escalate privileges to gain administrative access. This impacts organizations using Zabbix Frontend with SAML SSO configured. The business risk involves unauthorized administrative control over monit

NVD published: January 13, 2022 • CISA KEV