CVE-2022-50911
- EPSS 0.16%
- Published 13.01.2026 22:51:50
- Last modified 16.01.2026 15:15:50
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CVE-2024-34891
- EPSS 0.04%
- Published 04.11.2024 19:15:06
- Last modified 04.09.2025 16:33:57
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read Exchange account passwords via an HTTP GET request.
CVE-2024-34885
- EPSS 0.07%
- Published 04.11.2024 19:15:06
- Last modified 04.09.2025 16:35:25
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read SMTP account passwords via an HTTP GET request.
CVE-2024-34887
- EPSS 0.11%
- Published 04.11.2024 18:15:04
- Last modified 06.11.2024 19:28:15
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to send AD/LDAP administrator account passwords to an arbitrary server via an HTTP POST request.
CVE-2024-34883
- EPSS 0.1%
- Published 04.11.2024 18:15:04
- Last modified 06.11.2024 19:28:34
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server account passwords via an HTTP GET request.
CVE-2024-34882
- EPSS 0.11%
- Published 04.11.2024 18:15:04
- Last modified 06.11.2024 19:28:48
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to send SMTP account passwords to an arbitrary server via an HTTP POST request.
CVE-2023-1718
- EPSS 48.81%
- Published 01.11.2023 10:15:09
- Last modified 21.11.2024 07:39:45
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".
- EPSS 1.02%
- Published 01.11.2023 10:15:09
- Last modified 21.11.2024 07:39:45
Lack of MIME type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...
CVE-2023-1719
- EPSS 86.13%
- Published 01.11.2023 10:15:09
- Last modified 21.11.2024 07:39:45
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execut...
CVE-2023-1717
- EPSS 1.08%
- Published 01.11.2023 10:15:09
- Last modified 21.11.2024 07:39:45
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the...