Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://bitrix24.com | |
https://github.com/DrieVlad/BitrixVulns |
History
Wed, 06 Nov 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitrix24
Bitrix24 bitrix24 |
|
CPEs | cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:* | |
Vendors & Products |
Bitrix24
Bitrix24 bitrix24 |
Tue, 05 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitrix
Bitrix bitrix24 |
|
Weaknesses | CWE-522 | |
CPEs | cpe:2.3:a:bitrix:bitrix24:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bitrix
Bitrix bitrix24 |
|
Metrics |
cvssV3_1
|
Mon, 04 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-04T00:00:00
Updated: 2024-11-05T16:53:49.821Z
Reserved: 2024-05-09T00:00:00
Link: CVE-2024-34887
Vulnrichment
Updated: 2024-11-05T16:53:42.467Z
NVD
Status : Analyzed
Published: 2024-11-04T18:15:04.867
Modified: 2024-11-06T19:28:15.613
Link: CVE-2024-34887
Redhat
No data.