Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.14 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

6.8CVSS7.2AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.8 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

6.8CVSS7AI score0.00371EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-46929

Malicious code in bioql PyPI...

4.9CVSS5.4AI score0.01013EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.16 views

PT-2025-28 · Ооо '1С Битрикс' · Модуль Iblock

Уязвимость модуля iblock системы управления содержимым сайтов CMS 1С-Битрикс: Управление сайтом связана с неверным управлением генерацией кода. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путём его внедрения в произвольный PHP-сценарий,...

9CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.4 views

PT-2025-27 · Ооо '1С Битрикс' · Модуль Iblock

Уязвимость модуля iblock системы управления содержимым сайтов CMS 1С-Битрикс: Управление сайтом связана с ошибками при обработке относительного пути к каталогу. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...

6.8CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.5 views

PT-2025-26 · Ооо '1С Битрикс' · Модуль Iblock

Уязвимость модуля iblock системы управления содержимым сайтов CMS 1С-Битрикс: Управление сайтом связана с ошибками при обработке относительного пути к каталогу. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...

6.8CVSS7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/14 12:0 a.m.11 views

The vulnerability of the virtual server “1C-Bitrix: Virtual Machine” involves deficiencies in access control, allowing attackers to elevate their privileges to the root level.

The vulnerability of the virtual server “1C-Bitrix: Virtual Machine” is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to elevate their privileges to the root level...

9CVSS5.5AI score
Exploits0References1Affected Software1
NVD
NVD
added 2024/11/04 7:15 p.m.33 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.8CVSS0.00424EPSS
Exploits1References1
NVD
NVD
added 2024/11/04 7:15 p.m.45 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8CVSS0.0029EPSS
Exploits1References1
NVD
NVD
added 2024/11/04 6:15 p.m.44 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

6.8CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 6:15 p.m.29 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...

6.8CVSS0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.35 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...

0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.9 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.9AI score0.00424EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.29 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

0.00424EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.22 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.22 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

7.2AI score0.00339EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.10 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.9AI score0.0029EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.24 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

0.0029EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.26 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

0.00339EPSS
Exploits0References1
CVE
CVE
added 2024/11/04 12:0 a.m.70 views

CVE-2024-34887

CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...

6.8CVSS6.8AI score0.00339EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder