Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://bitrix24.com | |
https://github.com/DrieVlad/BitrixVulns |
History
Tue, 05 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitrix
Bitrix bitrix24 |
|
Weaknesses | CWE-312 | |
CPEs | cpe:2.3:a:bitrix:bitrix24:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bitrix
Bitrix bitrix24 |
|
Metrics |
cvssV3_1
|
Mon, 04 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-04T00:00:00
Updated: 2024-11-05T16:43:46.181Z
Reserved: 2024-05-09T00:00:00
Link: CVE-2024-34891
Vulnrichment
Updated: 2024-11-05T16:43:27.806Z
NVD
Status : Awaiting Analysis
Published: 2024-11-04T19:15:06.647
Modified: 2024-11-05T17:35:17.710
Link: CVE-2024-34891
Redhat
No data.