CVE-2022-46768

File name information disclosure vulnerability in Zabbix Web Service Report Generation

Description

An arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on port 10053. The service does not properly validate URL parameters before reading files.

Remediation

Solution:

  • To remediate this vulnerability, apply updates to the appropriate products or use the workaround.

Workaround:

  • If an immediate update is not possible, limit network access to Zabbix Web Service Report Generation.

Category

CVSS 3.1: 5.9 (Severity: Medium)
EPSS: 6.58% (Top 10%)
Vendor Advisory: zabbix.com
Affected: Zabbix Web Service Report Generation
Affected: Zabbix Zabbix agent 2 (MSI packages)

References

Link: https://support.zabbix.com/browse/ZBX-22087
Tags: patch, vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-46768?
CVE-2022-46768 has been scored as a medium severity vulnerability.
How to fix CVE-2022-46768?
To fix CVE-2022-46768, apply updates to the appropriate products or use the workaround.
Is CVE-2022-46768 being actively exploited in the wild?
Based on public information, it is possible that CVE-2022-46768 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~7% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-46768?
CVE-2022-46768 affects Zabbix Web Service Report Generation, Zabbix Zabbix agent 2 (MSI packages).