5 matches found
CVE-2024-34882
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2024-34885
The CVE-2024-34885 entry concerns Bitrix24 (1C-Bitrix Bitrix24) version 23.300.100, where credentials in SMTP server settings are insufficiently protected. The underlying issue allows remote administrators to read SMTP account passwords via an HTTP GET request. The vulnerability impacts confident...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2024-5143
The CVE-2024-5143 entry describes a vulnerability in HP LaserJet Pro printers where a user with device administrative privileges can modify SMTP server settings without re‑entering credentials. This can redirect send‑to‑email traffic to an attacker‑controlled SMTP server and potentially expose th...