CVE-2024-22117

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

CVSS v3 2.2 LOW

2.2^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.7 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.zabbix.com/browse/ZBX-25610	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::

History

08 Oct 2025, 16:05

Type	Values Removed	Values Added
Summary		(es) Cuando se agrega una URL al elemento de mapa, se registra en la base de datos con identificadores secuenciales. Al agregar una nueva URL, el sistema recupera el último valor de sysmapelementurlid y lo incrementa en uno. Sin embargo, surge un problema cuando un usuario cambia manualmente el valor de sysmapelementurlid agregando sysmapelementurlid + 1. Esta acción evita que otros agreguen URL al elemento de mapa.
CPE		cpe:2.3:a:zabbix:zabbix::::::::
References	~~() https://support.zabbix.com/browse/ZBX-25610 -~~	() https://support.zabbix.com/browse/ZBX-25610 - Vendor Advisory
First Time		Zabbix Zabbix zabbix

26 Nov 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-26 15:15

Updated : 2025-10-08 16:05

NVD link : CVE-2024-22117

Mitre link : CVE-2024-22117

CVE.ORG link : CVE-2024-22117

JSON object : View

Products Affected

zabbix

zabbix

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-22117", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zabbix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.7}]}, "published": "2024-11-26T15:15:31.510", "references": [{"url": "https://support.zabbix.com/browse/ZBX-25610", "tags": ["Vendor Advisory"], "source": "security@zabbix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zabbix.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element."}, {"lang": "es", "value": "Cuando se agrega una URL al elemento de mapa, se registra en la base de datos con identificadores secuenciales. Al agregar una nueva URL, el sistema recupera el \u00faltimo valor de sysmapelementurlid y lo incrementa en uno. Sin embargo, surge un problema cuando un usuario cambia manualmente el valor de sysmapelementurlid agregando sysmapelementurlid + 1. Esta acci\u00f3n evita que otros agreguen URL al elemento de mapa."}], "lastModified": "2025-10-08T16:05:30.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E38CFF91-153E-46E6-AA48-2524933387DC", "versionEndExcluding": "5.0.44", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45CB467C-BC4C-4455-83A5-9FBA0CC7AEA6", "versionEndExcluding": "6.0.34", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EC3DDAA-D910-423D-B07D-5BBFC2584A41", "versionEndExcluding": "6.4.19", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC284EF6-B253-4383-8278-EB81F7859AEF", "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zabbix.com"}