Users can directly modify memory pointers in the JavaScript engine
CVE-2024-36461

9.1CRITICAL

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-36461?

The vulnerability in Zabbix allows users to directly manipulate memory pointers within the JavaScript engine. This can lead to serious security implications, enabling potential attackers to exploit the affected systems. The flaw specifically allows for unauthorized changes that could compromise the integrity and confidentiality of data processed by Zabbix. Proper security assessments and updates are necessary to mitigate the risks associated with this vulnerability.

Affected Version(s)

Zabbix 6.0.0 <= 6.0.30

Zabbix 6.4.0 <= 6.4.15

Zabbix 7.0.0alpha1 <= 7.0.0

References

https://support.zabbix.com/browse/ZBX-25018

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
May 28, 2024

Credit

Zabbix extends its gratitude to Pavel Voit (pavelvoit) for submitting this report on the HackerOne bug bounty platform

JSON