CVE-2024-42327

Published Nov 27, 2024

Last updated 5 days ago

Overview

Description
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.
Source
security@zabbix.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@zabbix.com
CWE-89

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Zabbix Server Critical SQL Injection Vulnerability (CVE-2024-42327) – Qualys ThreatPROTECT #informationsecurity #cybersecurity https://t.co/lhlfl93BE3

    @JeffEnglander

    2 Dec 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ZABBIX SQL injection in user.get API (CVE-2024-42327 CVSS 9.9) https://t.co/k4dTebCVJi

    @S0ufi4n3

    1 Dec 2024

    459 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Critical SQL Injection Vulnerability in Zabbix Zabbix's SQL injection vulnerability (CVE-2024-42327) poses a severe risk with a CVSS score of 9.9. Affects versions 6.0.0–6.0.31, 6.4.0–6.4.16, 7.0.0. Exploitable by non-admin accounts with API access.#CyberSecurity #SQLi

    @firexcore

    1 Dec 2024

    30 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2024-42327 @zabbix A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from…

    @d0znpp

    30 Nov 2024

    482 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. Zabbix tool affected by CVE-2024-42327 #ZABBIX #CVE-2024-42327 #Sqlinjection https://t.co/EBfNNckDf9

    @pravin_karthik

    30 Nov 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨Critical SQL injection vulnerability in the API of ➡️ Zabbix ⚠️ CVE-2024-42327 https://t.co/4YKIODy79o https://t.co/qB7W7BNfbd

    @elhackernet

    29 Nov 2024

    6909 Impressions

    31 Retweets

    100 Likes

    24 Bookmarks

    0 Replies

    0 Quotes

  7. Watch out for a "critical SQL injection" in Zabbix. CVE-2024-42327 Fortunately, exploitation requires having a user account (any account) in Zabbix https://t.co/6BQQaw2rSM

    @Sekurak

    29 Nov 2024

    2931 Impressions

    6 Retweets

    32 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  8. [Urgent] Zabbix vulnerability information CVE-2024-42327 (CVSS 9.9) https://t.co/JV4FglcwWP

    @yousukezan

    29 Nov 2024

    1386 Impressions

    6 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  9. A critical-severity vulnerability with a score of 9.9, identified as CVE-2024-42327, has been fixed in #Zabbix. This vulnerability is of the #SQLi type and allows an attacker to escalate privileges and take control of Zabbix. The vulnerability is in the user.get API endpoint. https://t.co/pk9CcmkxdS

    @onhexgroup

    28 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CVE-2024-42327: SQL Injection in Zabbix, 9.9 rating 🔥 The discovered vulnerability allows any Zabbix user to perform Privilege Escalation via SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/LSM2JnwACB #cybersecurity #vulnerability_map #zabbix https://t

    @Netlas_io

    28 Nov 2024

    3569 Impressions

    14 Retweets

    57 Likes

    20 Bookmarks

    0 Replies

    1 Quote

  11. CVSS 9.9!! For now, I denied the user.get API in the user role. Zabbix SQL injection in user.get API (CVE-2024-42327) https://t.co/X5Ysztndzp

    @miyahancom

    28 Nov 2024

    1279 Impressions

    1 Retweet

    5 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  12. CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix https://t.co/TTJUIF7XQk

    @Dinosn

    28 Nov 2024

    7713 Impressions

    50 Retweets

    158 Likes

    35 Bookmarks

    0 Replies

    0 Quotes

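  13. Critical vulnerability in Zabbix (an IT infrastructure monitoring product). CVE-2024-42327 has a CVSS score of 9.9 and is an SQL injection in the user.get API endpoint. Exploitation requires regular-user access or higher. A fixed version is available. https://t.co/Ze9GqVCyET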

    @__kokumoto

    28 Nov 2024

    10396 Impressions

    53 Retweets

    123 Likes

    48 Bookmarks

    1 Reply

    1 Quote

  14. CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Learn about the critical SQL injection flaw in #Zabbix and its potential impact on monitoring data and system security. https://t.co/RT276nBYA3

    @the_yellow_fall

    28 Nov 2024

    265 Impressions

    0 Retweets

    4 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  15. [CVE-2024-42327: CRITICAL] Zabbix frontend vulnerability alert: Non-admin user accounts with API access can exploit SQLi in CUser class, potentially breaching security. Take precautions! #cybersecurity#cybersecurity,#vulnerability https://t.co/aDNGGZmbk7 https://t.co/hWc2isCOLY

    @CveFindCom

    27 Nov 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exist… https://t.co/c0fCnISAlx

    @CVEnew

    27 Nov 2024

    397 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes