CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.
References
Link Resource
http://bitrix24.com Product
https://github.com/DrieVlad/BitrixVulns Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*

History

06 Nov 2024, 19:28

Type Values Removed Values Added
References () http://bitrix24.com - () http://bitrix24.com - Product
References () https://github.com/DrieVlad/BitrixVulns - () https://github.com/DrieVlad/BitrixVulns - Third Party Advisory
CVSS v2 : unknown
v3 : 6.8
v2 : unknown
v3 : 4.9
First Time Bitrix24
Bitrix24 bitrix24
CPE cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*

05 Nov 2024, 17:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
Summary
  • (es) Credenciales insuficientemente protegidas en la configuración del servidor AD/LDAP en 1C-Bitrix Bitrix24 23.300.100 permite que los administradores remotos envíen contraseñas de cuentas de administradores de AD/LDAP a un servidor arbitrario a través de una solicitud HTTP POST.
CWE CWE-522

04 Nov 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 18:15

Updated : 2024-11-06 19:28


NVD link : CVE-2024-34887

Mitre link : CVE-2024-34887

CVE.ORG link : CVE-2024-34887


JSON object : View

Products Affected

bitrix24

  • bitrix24
CWE
CWE-522

Insufficiently Protected Credentials