DrieVlad/BitrixVulns

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-34885 ↗	Nov 4, 2024Monday, 4 November 2024, 19:15	6.8 MEDIUM	—
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.
CVE-2024-34891 ↗	Nov 4, 2024Monday, 4 November 2024, 19:15	6.8 MEDIUM	—
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.
CVE-2024-34882 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	4.9 MEDIUM	—
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
CVE-2024-34883 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	4.9 MEDIUM	—
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
CVE-2024-34887 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	4.9 MEDIUM	—
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.