CVE-2024-34885

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 522

Summary

CVE-2024-34885 is a new vulnerability affecting the 1C-Bitrix Bitrix24 23.300.100 version. This issue stems from insufficient protection of SMTP server credentials. Malicious administrators can exploit this weakness by executing an HTTP GET request, thereby gaining unauthorized access to SMTP accounts' passwords. This vulnerability poses a significant risk to confidential data transmitted via email, making it essential for affected users to apply the necessary patches promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share