Bitrix24 - Bitrix24 CVE

Filtered by vendor Bitrix24 Subscribe

Filtered by product Bitrix24

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-43959	1 Bitrix24	1 Bitrix24	2023-08-08	N/A	4.9 MEDIUM
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
CVE-2020-13483	1 Bitrix24	1 Bitrix24	2020-06-29	4.3 MEDIUM	6.1 MEDIUM
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.

Vulnerabilities (CVE)