CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
References
Link Resource
http://bitrix24.com Product
https://github.com/DrieVlad/BitrixVulns Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*

History

06 Nov 2024, 19:28

Type Values Removed Values Added
CPE cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.8
v2 : unknown
v3 : 4.9
First Time Bitrix24
Bitrix24 bitrix24
References () http://bitrix24.com - () http://bitrix24.com - Product
References () https://github.com/DrieVlad/BitrixVulns - () https://github.com/DrieVlad/BitrixVulns - Third Party Advisory

05 Nov 2024, 17:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
CWE CWE-522
Summary
  • (es) Las credenciales insuficientemente protegidas en la configuración del servidor SMTP en 1C-Bitrix Bitrix24 23.300.100 permiten a los administradores remotos enviar contraseñas de cuentas SMTP a un servidor arbitrario a través de una solicitud HTTP POST.

04 Nov 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 18:15

Updated : 2024-11-06 19:28


NVD link : CVE-2024-34882

Mitre link : CVE-2024-34882

CVE.ORG link : CVE-2024-34882


JSON object : View

Products Affected

bitrix24

  • bitrix24
CWE
CWE-522

Insufficiently Protected Credentials