CVE-2024-34883

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published: Nov 4, 2024
Updated: Nov 6, 2024
CWE ID: 522

Summary

CVE-2024-34883 affects the DAV server settings in 1C-Bitrix Bitrix24 version 23.300.100. The issue stems from insufficient protection of credentials (CWE-522): remote administrators can obtain the passwords of proxy-server accounts through an HTTP GET request. This poses a significant security risk, because unauthorized access to these credentials can lead to unintended modifications or unauthorized actions within the system. System administrators are encouraged to promptly apply the necessary patch or update to mitigate this vulnerability.
