CVE-2024-36463

Nov. 26, 2024, 3:15 p.m.

6.5
Medium

Description

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

Product(s) Impacted

Product Versions
Zabbix
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-767
Access to Critical Private Variable via Public Method
The product defines a public method that reads or modifies a private variable.

References

https://support.zabbix.com/browse/ZBX-25611

Tags

security@zabbix.com
2024-11-26
CWE-767
CVE-2024-36463

CVSS Score

6.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Nov. 26, 2024, 3:15 p.m.
Last Modified: Nov. 26, 2024, 3:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@zabbix.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.