Bitrix24 Security Vulnerabilities and Issues — Bitrix24 CVE List

Lucene search

BitrixBitrix24

6 matches found

CVE•added 2020/06/01 7:15 p.m.•93 views

CVE-2020-13758

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.

6.1CVSS5.9AI score0.00141EPSS

CVE•added 2024/11/04 7:15 p.m.•51 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.

6.8CVSS6.6AI score0.00103EPSS

CVE•added 2024/11/04 6:15 p.m.•49 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.

6.8CVSS6.8AI score0.00103EPSS

CVE•added 2024/11/04 7:15 p.m.•49 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

6.8CVSS6.6AI score0.00065EPSS

CVE•added 2024/11/04 6:15 p.m.•44 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.

6.8CVSS6.8AI score0.00095EPSS

CVE•added 2024/11/04 6:15 p.m.•40 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.

6.8CVSS6.6AI score0.00103EPSS