Lucene search

K
BitrixBitrix24

6 matches found

CVE
CVE
added 2020/06/01 7:15 p.m.93 views

CVE-2020-13758

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.

6.1CVSS5.9AI score0.00141EPSS
CVE
CVE
added 2024/11/04 7:15 p.m.51 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.

6.8CVSS6.6AI score0.00103EPSS
CVE
CVE
added 2024/11/04 6:15 p.m.49 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.

6.8CVSS6.8AI score0.00103EPSS
CVE
CVE
added 2024/11/04 7:15 p.m.49 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

6.8CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2024/11/04 6:15 p.m.44 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.

6.8CVSS6.8AI score0.00095EPSS
CVE
CVE
added 2024/11/04 6:15 p.m.40 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.

6.8CVSS6.6AI score0.00103EPSS