CVE-2024-42327 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-42327 Interim 1 4 2025-03-24T00:35:50Z current 2024-11-28T00:25:37Z 2025-03-24T00:35:50Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS zabbix zabbix-agent zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3 zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. CVE-2024-42327 SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix-agent SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:zabbix SUSE Linux Enterprise Server Teradata 12 SP3:zabbix important 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H