Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43959 | 1 Bitrix24 | 1 Bitrix24 | 2024-02-04 | N/A | 4.9 MEDIUM |
| Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php. | |||||
| CVE-2022-27228 | 1 Bitrix24 | 1 Bitrix24 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | |||||
| CVE-2020-13483 | 1 Bitrix24 | 1 Bitrix24 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. | |||||
| CVE-2020-13484 | 1 Bitrix24 | 1 Bitrix24 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL. | |||||