CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13484

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd
https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd

Products affected by CVE-2020-13484

Bitrix24 » Bitrix24 » Version: N/A

cpe:2.3:a:bitrix24:bitrix24:-
Bitrix24 » Bitrix24 » Version: 20.0.0

cpe:2.3:a:bitrix24:bitrix24:20.0.0
Bitrix24 » Bitrix24 » Version: 20.0.975

cpe:2.3:a:bitrix24:bitrix24:20.0.975

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13484

Products

Pricing

Contact Us