Security News

Cybersecurity news aggregator


The vulnerability in the Zabbix server allows an attacker to execute arbitrary code via the Ping script


Category: Articles

Information: Zabbix is open-source software for monitoring and managing IT systems, including networks, servers, and applications. Zabbix can collect data from hardware and software through various methods, such as SNMP, IPMI, agent-based monitoring, and user-defined checks. It can be configured to send alerts when abnormal events occur and can present the collected data as graphs, reports, and dashboards. Additionally, Zabbix supports customization and extension to meet the specific needs of organizations or administrators.

Incident: A critical vulnerability, CVE-2024-22116, has been disclosed. It allows administrators with limited privileges to execute arbitrary code via a Ping script in the host monitoring section, potentially putting system infrastructure at risk. Zabbix reports: "An administrator with restricted permissions can use the script execution function in the Host Monitoring section. Due to the lack of protection against code injection in script parameters, it allows the execution of arbitrary code through the Ping script, which may result in system damage." According to the Common Weakness Enumeration (CWE), this vulnerability falls under CWE-94, Improper Control of Generation of Code ('Code Injection'). The Common Attack Pattern Enumeration and Classification (CAPEC) categorizes it as CAPEC-253, Remote Code Inclusion.

Affected versions: The vulnerability affects versions 6.4.0 through 6.4.15 and 7.0.0alpha1 through 7.0.0rc2.

Resolution: Update to versions 6.4.16rc1 and 7.0.1rc3. Security systems are important; we must keep watching and monitoring them as usual.

References:
- https://www.zabbix.com/security_advisories#ZBV-2024-08-09-8
- https://cybersecuritynews.com/zabbix-server-vulnerability/

Weekly Interesting CVE

1. CVE-2024-40898
   Published: 18/7/2024; last update: 8/8/2024
   Device/Application/OS: Apache HTTP Server, versions 2.4.0 - 2.4.61
   Attack type: Server-Side Request Forgery (SSRF)
   CVSS severity rating: 7.5
   Detail: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests.
   Solution: Upgrade to version 2.4.62
   Reference: https://www.opencve.io/cve/CVE-2024-40898

2. CVE-2024-37085
   Published: 25/6/2024; last update: 8/8/2024
   Device/Application/OS: VMware Cloud Foundation versions 4.x - 5.x; ESXi versions 7.x and 8.x
   Attack type: Authentication Bypass
   CVSS severity rating: 7.2
   Detail: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
   Solution: Cloud Foundation: upgrade to 5.2; ESXi: upgrade to ESXi80U3-24022510
   References: https://www.opencve.io/cve/CVE-2024-37085 ; https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

3. CVE-2019-6198
   Published: 8/7/2024; last update: 7/8/2024
   Device/Application/OS: IBM MQ Operator
   Attack type: Authentication Bypass
   CVSS severity rating: 9.8
   Detail: IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability.
   Solution: Upgrade to version 3.2.3
   References: https://www.ibm.com/docs/en/ibm-mq/9.4?topic=about-release-history-mq-operator ; https://nvd.nist.gov/vuln/detail/CVE-2024-39742

4. CVE-2024-6989
   Published: 6/8/2024; last update: 7/8/2024
   Device/Application/OS: Google Chrome before 127.0.6533.72
   Attack type: Use after free
   CVSS severity rating: 8.8
   Detail: Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
   Solution: Update to version 127.0.6533.72 or the latest version
   Reference: https://www.opencve.io/cve/CVE-2024-6989

5. CVE-2024-32113
   Published: 08/05/2024; last update: 08/08/2024
   Device/Application/OS: Apache OFBiz before 18.12.13
   Attack type: Path Traversal
   CVSS severity rating: 9.8
   Detail: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz before 18.12.13.
   Solution: Upgrade to version 18.12.13
   Reference: https://www.opencve.io/cve/CVE-2024-32113
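The weakness the advisory describes is a script parameter that reaches a shell command line unprotected. The following is an added illustration, not Zabbix's own code: a builder in that vulnerable shape beside a hardened one that validates the host parameter as an IP address or RFC 1123 hostname and passes it as a single argv element, so no shell ever parses it. Function names and the sample parameters are hypothetical.

```python
import ipaddress
import re
import subprocess
from typing import List, Optional

# One RFC 1123 hostname label: 1-63 alphanumerics or '-', not starting or ending with '-'.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def vulnerable_ping_command(host_param: str) -> str:
    """The shape the advisory describes: the parameter is spliced into a
    command string meant for shell=True, so any shell metacharacter it
    carries is interpreted as shell syntax rather than as a hostname."""
    return f"ping -c 3 {host_param}"


def validate_host(host_param: str) -> bool:
    """Accept only a literal IPv4/IPv6 address or an RFC 1123 hostname."""
    try:
        ipaddress.ip_address(host_param)
        return True
    except ValueError:
        pass
    if not host_param or len(host_param) > 253:
        return False
    labels = host_param.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def hardened_ping_argv(host_param: str) -> Optional[List[str]]:
    """Build an argv list instead of a command string. The parameter becomes
    exactly one argument; validation also rejects a leading '-', so it can
    never be read as a ping option. Returns None when validation fails."""
    if not validate_host(host_param):
        return None
    return ["ping", "-c", "3", host_param]


def run_ping(host_param: str) -> Optional[int]:
    """Execute the hardened form without a shell; None means rejected input."""
    argv = hardened_ping_argv(host_param)
    if argv is None:
        return None
    return subprocess.run(argv, capture_output=True, timeout=15).returncode


# Constructed sample parameters (not from the advisory).
SAMPLE_PARAMS = {
    "ip": "192.0.2.10",
    "host": "db01.example.com",
    "injected": "192.0.2.10; whoami",  # a second command from the shell's point of view
}
```

With the injected sample, the vulnerable builder yields a string the shell would run as two commands, while the hardened builder returns None and nothing is executed.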
