Main Vulnerability Database Vulnerabilities #VU101271

#VU101271 Insufficiently protected credentials in Zabbix - CVE-2024-36464

Published: December 5, 2024

Vulnerability identifier: #VU101271

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-36464

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Zabbix

Software vendor:
Zabbix

Description

The vulnerability allows an attacker to gain access to media types credential.

The vulnerability exists due to media types credentials are exported in the yaml format in plain text. A remote attacker with access to exported data can obtain the credentials.

Remediation

Install updates from vendor's website.

External links

https://support.zabbix.com/browse/ZBX-25630

#VU101271 Insufficiently protected credentials in Zabbix - CVE-2024-36464

Description

Remediation

External links

Please verify you're human