Zabbix Addresses Multiple Vulnerabilities, Including RCE Flaw CVE-2024-36461 (CVSS 9.1)
Zabbix, a widely used open-source monitoring solution, has released updates to address several critical security vulnerabilities, including a highly severe remote code execution (RCE) flaw identified as CVE-2024-36461 with a CVSS score of 9.1. Because JavaScript engine memory pointers are exposed, this flaw can allow users with restricted access to escalate privileges and take control of the entire monitoring system. The other patched vulnerabilities include privilege escalation, command injection, arbitrary file read, information disclosure, plaintext password exposure in audit logs, and uncontrolled resource consumption leading to denial-of-service attacks. Versions 6.0.0 through 7.0.0 are affected, and updates to versions 6.0.31rc1, 6.4.16rc1, or 7.0.1rc1 are available. Users are strongly advised to update their systems and to review access control policies so that the principle of least privilege is enforced.
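A version triage check built on the ranges above, as an added example that is not part of the original article or of Zabbix's own tooling. Pairing each fixed release with its own release branch, the status labels and the sample inventory are assumptions of this example; the version strings are supplied by the operator.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
# Pairing each fix with its own branch is an assumption of this example.
FIXED = {(6, 0): "6.0.31rc1", (6, 4): "6.4.16rc1", (7, 0): "7.0.1rc1"}
# Affected range as stated in the article.
AFFECTED_MIN, AFFECTED_MAX = "6.0.0", "7.0.0"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")
# Pre-release stages sort before the final release of the same x.y.z.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}


def parse(version):
    """Turn '6.0.31rc1' into a tuple that orders correctly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage], int(num or 0))


def triage(version):
    """Return (status, fixed_release) for one installed version string."""
    v = parse(version)
    fix = FIXED.get(v[:2])
    if fix:
        # Branch has a fixed release: anything older needs the update.
        return ("fixed", fix) if v >= parse(fix) else ("update", fix)
    if parse(AFFECTED_MIN) <= v <= parse(AFFECTED_MAX):
        # Inside the affected range, but the article names no fix for this branch.
        return ("no-listed-fix", None)
    return ("outside-range", None)


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    inventory = {"mon-a": "6.0.30", "mon-b": "6.4.16rc1", "mon-c": "7.0.0",
                 "mon-d": "6.2.9", "mon-e": "5.0.42"}
    for host, ver in inventory.items():
        status, fix = triage(ver)
        print(f"{host:6} {ver:10} {status:14} {fix or '-'}")
```

A `no-listed-fix` result marks a version inside the affected range whose branch has no fixed release named in the article, so it needs a manual decision rather than a same-branch update.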