CVE-2024-34885
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 522
Summary
CVE-2024-34885 is a new vulnerability affecting the 1C-Bitrix Bitrix24 23.300.100 version. This issue stems from insufficient protection of SMTP server credentials. Malicious administrators can exploit this weakness by executing an HTTP GET request, thereby gaining unauthorized access to SMTP accounts' passwords. This vulnerability poses a significant risk to confidential data transmitted via email, making it essential for affected users to apply the necessary patches promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Bitrix24
Affected Vendors
- Bitrix24