CVE-2024-36461 : Within Zabbix, users have the ability to directly modify memory pointers in the

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

Published 2024-08-09 09:33:40

Updated 2024-12-10 16:15:23

Source Zabbix

View at NVD, CVE.org

Products affected by CVE-2024-36461

Zabbix » Zabbix
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.0.30
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix
Versions from including (>=) 6.4.0 and up to, including, (<=) 6.4.15
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 7.0.0
cpe:2.3:a:zabbix:zabbix:7.0.0:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 61 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H	N/A	N/A	Zabbix	2024-08-09
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: Low Integrity: Low Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-12-10
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H	3.1	5.3	Zabbix	2024-08-12
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: Low Integrity: Low Availability: High

https://support.zabbix.com/browse/ZBX-25005
https://support.zabbix.com/browse/ZBX-25018

[ZBX-25018] Direct access to memory pointers within the JS engine for modification (CVE-2024-36461) - ZABBIX SUPPORT
Vendor Advisory

Jump to