Unrated severityNVD Advisory· Published Nov 4, 2024· Updated Nov 5, 2024

CVE-2024-34891

Description

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

Affected products

1C-Bitrix/Bitrix24description
Bitrix/Bitrix24llm-fuzzy
Range: =23.300.100

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bitrix24.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000