UBUNTU-CVE-2021-46088
- Source
- https://ubuntu.com/security/CVE-2021-46088
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-46088.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-46088
- Upstream
- Published
- 2022-01-27T16:15:00Z
- Modified
- 2025-10-24T04:50:40Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - negligible
- Summary
- [none]
- Details
-
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.
- References
Affected packages
Ubuntu:25.04
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:7.0.10+dfsg-2?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-agent2",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-sender",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:7.0.10+dfsg-2"
},
{
"binary_name": "zabbix-web-service",
"binary_version": "1:7.0.10+dfsg-2"
}
]
}Ubuntu:25.10
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:7.0.10+dfsg-2build1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-agent2",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-sender",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-web-service",
"binary_version": "1:7.0.10+dfsg-2build1"
}
]
}Ubuntu:Pro:14.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:2.2.2+dfsg-1ubuntu1+esm5?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.0.6+dfsg-1ubuntu2
1:2.2.0+dfsg-1ubuntu1
1:2.2.0+dfsg-6ubuntu1
1:2.2.1+dfsg-1ubuntu3
1:2.2.2+dfsg-1ubuntu1
1:2.2.2+dfsg-1ubuntu1+esm1
1:2.2.2+dfsg-1ubuntu1+esm3
1:2.2.2+dfsg-1ubuntu1+esm4
1:2.2.2+dfsg-1ubuntu1+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
}
]
}Ubuntu:Pro:16.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:2.4.7+dfsg-2ubuntu2.1+esm4?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.4.6+dfsg-1
1:2.4.7+dfsg-1
1:2.4.7+dfsg-2
1:2.4.7+dfsg-2ubuntu2
1:2.4.7+dfsg-2ubuntu2.1
1:2.4.7+dfsg-2ubuntu2.1+esm1
1:2.4.7+dfsg-2ubuntu2.1+esm2
1:2.4.7+dfsg-2ubuntu2.1+esm3
1:2.4.7+dfsg-2ubuntu2.1+esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
}
]
}Ubuntu:Pro:18.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:3.0.12+dfsg-1ubuntu0.1~esm4?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:3.*
1:3.0.7+dfsg-3
1:3.0.12+dfsg-1
1:3.0.12+dfsg-1ubuntu0.1~esm1
1:3.0.12+dfsg-1ubuntu0.1~esm2
1:3.0.12+dfsg-1ubuntu0.1~esm3
1:3.0.12+dfsg-1ubuntu0.1~esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
}
]
}Ubuntu:Pro:20.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:4.0.17+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:4.*
1:4.0.4+dfsg-1build2
1:4.0.4+dfsg-1build3
1:4.0.11+dfsg-1
1:4.0.14+dfsg-1
1:4.0.15+dfsg-1
1:4.0.16+dfsg-1
1:4.0.16+dfsg-1build1
1:4.0.17+dfsg-1
1:4.0.17+dfsg-1ubuntu0.1~esm1
1:4.0.17+dfsg-1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
}
]
}Ubuntu:Pro:22.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix@1:5.0.17+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:5.*
1:5.0.8+dfsg-1build1
1:5.0.14+dfsg-1
1:5.0.17+dfsg-1
1:5.0.17+dfsg-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
}
]
}