Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
References
Link | Resource |
---|---|
https://github.com/secware-ru/CVE-2022-43959 | Exploit Third Party Advisory |
https://www.bitrix24.com/prices/self-hosted.php | Vendor Advisory |
https://www.bitrix24.com/security/ | Vendor Advisory |
https://github.com/secware-ru/CVE-2022-43959 | Exploit Third Party Advisory |
https://www.bitrix24.com/prices/self-hosted.php | Vendor Advisory |
https://www.bitrix24.com/security/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/secware-ru/CVE-2022-43959 - Exploit, Third Party Advisory | |
References | () https://www.bitrix24.com/prices/self-hosted.php - Vendor Advisory | |
References | () https://www.bitrix24.com/security/ - Vendor Advisory | |
Summary |
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-20 15:15
Updated : 2024-11-21 07:27
NVD link : CVE-2022-43959
Mitre link : CVE-2022-43959
CVE.ORG link : CVE-2022-43959
JSON object : View
Products Affected
bitrix24
- bitrix24
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor