Tracked as CVE-2022-23131 and CVE-2022-23134, the two vulnerabilities could be exploited to bypass authentication and gain administrator privileges, which could then allow an attacker to execute arbitrary commands.
Zabbix is an open-source monitoring platform that organizations deploy within their networks to collect and centralize data such as CPU load and network traffic.
Identified by security researchers with SonarSource, a provider of code quality and security solutions, the two vulnerabilities are related to the manner in which Zabbix stores session data on the client-side and could lead to complete network compromise.