The United States Cybersecurity and Infrastructure Security Agency (CISA) this week expanded its Vulnerable Identification Catalog with two key flaws in Zabbix’s business monitoring solution.
Followed as CVE-2022-23131 and CVE-2022-23134, two risks may be used to override assurance and access to administrator rights, which may allow the attacker to issue invalid commands. Zabbix is an open source monitoring platform that organizations use within their networks to collect and process single data such as CPU load and network traffic.
Identified by security researchers with SonarSource, both risks are related to how Zabbix stores session data on the client side and can lead to network integrity issues
