{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22117", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "state": "PUBLISHED", "assignerShortName": "Zabbix", "dateReserved": "2024-01-05T07:44:01.394Z", "datePublished": "2024-11-26T14:11:57.195Z", "dateUpdated": "2024-11-26T15:06:22.759Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Frontend", "API"], "product": "Zabbix", "repo": "https://git.zabbix.com/", "vendor": "Zabbix", "versions": [{"changes": [{"at": "5.0.44rc1", "status": "unaffected"}], "lessThanOrEqual": "5.0.43", "status": "affected", "version": "5,0,0", "versionType": "git"}, {"changes": [{"at": "6.0.34rc1", "status": "unaffected"}], "lessThanOrEqual": "6.0.33", "status": "affected", "version": "6.0.0", "versionType": "git"}, {"changes": [{"at": "6.4.19rc1", "status": "unaffected"}], "lessThanOrEqual": "6.4.18", "status": "affected", "version": "6.4.0", "versionType": "git"}, {"changes": [{"at": "7.0.4rc1", "status": "unaffected"}], "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Zabbix wants to thank prasetia (prasetia) for submitting this report on the HackerOne bug bounty platform"}], "datePublic": "2024-07-03T08:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element."}], "value": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element."}], "impacts": [{"capecId": "CAPEC-207", "descriptions": [{"lang": "en", "value": "CAPEC-207 Removing Important Client Functionality"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2024-11-26T14:11:57.195Z"}, "references": [{"url": "https://support.zabbix.com/browse/ZBX-25610"}], "source": {"discovery": "EXTERNAL"}, "title": "Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T15:03:28.054720Z", "id": "CVE-2024-22117", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:06:22.759Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22117", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-26T15:03:28.054720Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:05:10.615Z"}}], "cna": {"title": "Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Zabbix wants to thank prasetia (prasetia) for submitting this report on the HackerOne bug bounty platform"}], "impacts": [{"capecId": "CAPEC-207", "descriptions": [{"lang": "en", "value": "CAPEC-207 Removing Important Client Functionality"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://git.zabbix.com/", "vendor": "Zabbix", "modules": ["Frontend", "API"], "product": "Zabbix", "versions": [{"status": "affected", "changes": [{"at": "5.0.44rc1", "status": "unaffected"}], "version": "5,0,0", "versionType": "git", "lessThanOrEqual": "5.0.43"}, {"status": "affected", "changes": [{"at": "6.0.34rc1", "status": "unaffected"}], "version": "6.0.0", "versionType": "git", "lessThanOrEqual": "6.0.33"}, {"status": "affected", "changes": [{"at": "6.4.19rc1", "status": "unaffected"}], "version": "6.4.0", "versionType": "git", "lessThanOrEqual": "6.4.18"}, {"status": "affected", "changes": [{"at": "7.0.4rc1", "status": "unaffected"}], "version": "7.0.0", "versionType": "git", "lessThanOrEqual": "7.0.3"}], "defaultStatus": "unaffected"}], "datePublic": "2024-07-03T08:33:00.000Z", "references": [{"url": "https://support.zabbix.com/browse/ZBX-25610"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.", "supportingMedia": [{"type": "text/html", "value": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2024-11-26T14:11:57.195Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22117", "state": "PUBLISHED", "dateUpdated": "2024-11-26T15:06:22.759Z", "dateReserved": "2024-01-05T07:44:01.394Z", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "datePublished": "2024-11-26T14:11:57.195Z", "assignerShortName": "Zabbix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E38CFF91-153E-46E6-AA48-2524933387DC", "versionEndExcluding": "5.0.44", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "45CB467C-BC4C-4455-83A5-9FBA0CC7AEA6", "versionEndExcluding": "6.0.34", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC3DDAA-D910-423D-B07D-5BBFC2584A41", "versionEndExcluding": "6.4.19", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC284EF6-B253-4383-8278-EB81F7859AEF", "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element."}, {"lang": "es", "value": "Cuando se agrega una URL al elemento de mapa, se registra en la base de datos con identificadores secuenciales. Al agregar una nueva URL, el sistema recupera el \u00faltimo valor de sysmapelementurlid y lo incrementa en uno. Sin embargo, surge un problema cuando un usuario cambia manualmente el valor de sysmapelementurlid agregando sysmapelementurlid + 1. Esta acci\u00f3n evita que otros agreguen URL al elemento de mapa."}], "id": "CVE-2024-22117", "lastModified": "2025-10-08T16:05:30.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "security@zabbix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-26T15:15:31.510", "references": [{"source": "security@zabbix.com", "tags": ["Vendor Advisory"], "url": "https://support.zabbix.com/browse/ZBX-25610"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@zabbix.com", "type": "Secondary"}]}

{}

{}