CVE-2024-36464: Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported

2.7 CVSS

Description

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.

Classification

CVE ID: CVE-2024-36464

CVSS Base Severity: LOW

CVSS Base Score: 2.7

Affected Products

Vendor: Zabbix

Product: Zabbix

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.zabbix.com/browse/ZBX-25630

Timeline

2024-11-28 00:11:49 UTC
CVE

Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported