COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-23131

CVE-2022-23131

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-02-22
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-23131
⌖ exploited in the wild shame 50/100 exploited-in-wild

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.

Players implicated

Zabbix · vendorFrontend · product

Description

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.