Users can directly modify memory pointers in the JavaScript engine
CVE-2024-36461

8.8HIGH

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-36461?

The vulnerability in Zabbix allows users to directly manipulate memory pointers within the JavaScript engine. This can lead to serious security implications, enabling potential attackers to exploit the affected systems. The flaw specifically allows for unauthorized changes that could compromise the integrity and confidentiality of data processed by Zabbix. Proper security assessments and updates are necessary to mitigate the risks associated with this vulnerability.

Affected Version(s)

Zabbix 6.0.0 <= 6.0.30

Zabbix 6.4.0 <= 6.4.15

Zabbix 7.0.0alpha1 <= 7.0.0

References

https://support.zabbix.com/browse/ZBX-25018

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
May 28, 2024

Credit

Zabbix extends its gratitude to Pavel Voit (pavelvoit) for submitting this report on the HackerOne bug bounty platform