CVE-2024-34883
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 522
Summary
CVE-2024-34883 affects the DAV server settings in 1C-Bitrix Bitrix24 version 23.300.100. The issue stems from insufficiently protected credentials (CWE-522): remote administrators can read the passwords of proxy-server accounts through an HTTP GET request. This poses a significant security risk, because exposure of these credentials can lead to unintended modifications or unauthorized actions within the system. System administrators are encouraged to promptly apply the necessary patch or update to mitigate this vulnerability.
Affected Products
- Bitrix24
Affected Vendors
- Bitrix24