Security News

Cybersecurity news aggregator

Multiple Vulnerabilities Found In Zabbix IT Monitoring Platform

Researchers have identified multiple vulnerabilities in the Zabbix Web Frontend, most notably a critical SAML SSO

written by Abeerah Hashim, February 23, 2022

Researchers have warned users of numerous security vulnerabilities in the Zabbix monitoring platform. Exploiting the bugs could allow an adversary to compromise an entire network. The developers have patched the flaws with the latest release.

Zabbix Platform Vulnerabilities

Zabbix is a popular open-source IT infrastructure monitoring platform. Specifically, it scans networks, virtual machines (VMs), cloud components, and servers for metrics like network utilization, CPU load, and more. Because of these features, Zabbix is commonly used in enterprise environments, which makes it a significant target for criminal hackers.

According to a recent post from SonarSource, their researchers found multiple flaws when analyzing the Zabbix Web Frontend for potential security risks.

The first of these vulnerabilities is a critical security bug affecting Zabbix client-side session storage. This vulnerability, CVE-2022-23131, includes a Security Assertion Markup Language (SAML) Single-Sign-On (SSO) bypass. It has received a critical severity rating with a CVSS score of 9.1. Exploiting this bug could allow an adversary to gain admin privileges on the target networks. In turn, this access could allow arbitrary code execution on Zabbix Server and Zabbix Agent. The researchers have demonstrated this exploit in a video.

The other vulnerability, CVE-2022-23134, is related to CVE-2022-23131. However, it has received a low-severity rating with a CVSS score of 3.4. Specifically, this vulnerability allowed unauthenticated users to access setup.php. Hence, an adversary could exploit the flaw to gain high-privileged access to change Zabbix Web Frontend configuration files. A second video demonstrates the bug in action.

Patches Released

SonarSource found these vulnerabilities in late 2021, after which they informed Zabbix maintainers of the flaws. However, while the developers patched the flaws, the researchers noticed that bypassing the patches remained possible. Hence, the developers eventually released a final patch with Zabbix 5.4.9, 5.0.9, and 4.0.37. Users should therefore update their systems to the latest software version to avoid exploits.