Unrated severityNVD Advisory· Published Nov 4, 2024· Updated Nov 5, 2024

CVE-2024-34887

Description

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.

Affected products

1C-Bitrix/Bitrix24description
Bitrix/Bitrix24llm-fuzzy
Range: =23.300.100

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bitrix24.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000