Vladislav Driev

5 exploits Active since Nov 2024
CVE-2024-34882 WRITEUP MEDIUM WRITEUP
Bitrix24 23.300.100 - Insufficiently Protected Credentials in SMTP Server Settings
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
CVSS 4.9
CVE-2024-34883 WRITEUP MEDIUM WRITEUP
Bitrix24 23.300.100 - Insufficiently Protected Credentials in DAV Server Settings
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
CVSS 4.9
CVE-2024-34885 WRITEUP MEDIUM WRITEUP
Bitrix24 23.300.100 - Insufficiently Protected Credentials in SMTP Server Settings
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.
CVSS 6.8
CVE-2024-34887 WRITEUP MEDIUM WRITEUP
Bitrix24 23.300.100 - Insufficiently Protected Credentials in AD/LDAP Server Settings
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.
CVSS 4.9
CVE-2024-34891 WRITEUP MEDIUM WRITEUP
Bitrix24 23.300.100 - Cleartext Storage of Sensitive Information in DAV Server Settings
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.
CVSS 6.8