Insufficiently protected credentials in Zabbix - CVE-2024-36464

 


Published: December 5, 2024


Vulnerability identifier: #VU101271
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36464
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Zabbix
Affected software:
Zabbix

Detailed vulnerability description

The vulnerability allows an attacker to gain access to media type credentials.

The vulnerability exists because media type credentials are exported in the YAML format in plain text. A remote attacker with access to exported data can obtain the credentials.


How to mitigate CVE-2024-36464

Install updates from the vendor's website.
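
A defender-side check for the exposure described above, as an added example that is not part of the original advisory or of Zabbix itself: it scans the text of an exported YAML file for non-empty password keys under the media types section and reports where they are without echoing the secret. The key names (`media_types`, `name`, `password`) and the sample export are assumptions constructed for illustration.

```python
import re
# Assumption: secrets live in keys with these names under each media type.
SECRET_KEYS = {"password"}
KEY_RE = re.compile(r"^(\s*)(-\s+)?([A-Za-z_][\w.-]*):\s*(.*)$")

def find_plaintext_secrets(text):
    """Return (media_type_name, key, line_no); the secret value is never returned."""
    findings = []
    section_indent = None  # indent of "media_types:" while inside that block
    item_indent = None     # indent of the "- " that starts each media type
    name = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(raw)
        if not m:
            continue  # blank lines, comments, continuation lines
        indent, dash, key = len(m.group(1)), bool(m.group(2)), m.group(3)
        value = m.group(4).strip().strip("'\"")
        if section_indent is not None and (
                indent < section_indent or (indent == section_indent and not dash)):
            section_indent = item_indent = None  # left the media_types block
        if section_indent is None:
            if key == "media_types" and not dash:
                section_indent = indent
            continue
        if dash and item_indent in (None, indent):
            item_indent = indent  # a new media type entry starts here
            name = value if key == "name" else "<unnamed>"
        if key in SECRET_KEYS and value:
            findings.append((name, key, line_no))
    return findings

# Constructed sample export, not taken from a real system.
SAMPLE = """\
zabbix_export:
  media_types:
    - name: 'Ops email'
      type: EMAIL
      username: zabbix-alerts
      password: 'constructed-placeholder'
    - name: 'No-auth relay'
      password: ''
  other_section:
    - name: 'outside media_types'
      password: 'constructed-out-of-scope'
"""

if __name__ == "__main__":
    for mt, key, line_no in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: media type {mt!r} has a plaintext {key!r}")
```

Exports flagged this way should be treated as secret material: restrict access to the files and rotate any credential that was stored in a shared location.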
