CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28206

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.8%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://justrealstag.medium.com/user-enumeration-improper-restriction-of-excessive-authentication-attempts-in-bitrix-98933a97e0e6
https://justrealstag.medium.com/user-enumeration-improper-restriction-of-excessive-authentication-attempts-in-bitrix-98933a97e0e6

Products affected by CVE-2020-28206

Bitrix24 » Bitrix Framework » Version: 20.0

cpe:2.3:a:bitrix24:bitrix_framework:20.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28206

Products

Pricing

Contact Us