CVE-2024-34891

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 312

Summary

CVE-2024-34891 is a newly disclosed vulnerability affecting the DAV server settings in 1C-Bitrix Bitrix24 version 23.300.100. This issue stems from insufficient protection of credentials, enabling remote administrators to retrieve Exchange account passwords through an HTTP GET request. This vulnerability poses a significant risk, as it grants unauthorized access to sensitive information, potentially leading to data breaches or further system compromises. Organizations using the affected version of Bitrix24 are urged to apply the necessary patches as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share