OpenCVE

Filtered by vendor Bitrix Subscriptions

Filtered by product Bitrix24 Subscriptions

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-13758	1 Bitrix	1 Bitrix24	2024-11-21	6.1 Medium
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
CVE-2024-34882	2 Bitrix, Bitrix24	2 Bitrix24, Bitrix24	2024-11-06	6.8 Medium
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
CVE-2024-34883	2 Bitrix, Bitrix24	2 Bitrix24, Bitrix24	2024-11-06	6.8 Medium
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
CVE-2024-34887	2 Bitrix, Bitrix24	2 Bitrix24, Bitrix24	2024-11-06	6.8 Medium
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.
CVE-2024-34891	1 Bitrix	1 Bitrix24	2024-11-05	6.8 Medium
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.
CVE-2024-34885	1 Bitrix	1 Bitrix24	2024-11-05	6.8 Medium
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.

Page 1 of 1.