CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.4%

CVSS Severity

CVSS v3 Score 4.9

References

https://github.com/secware-ru/CVE-2022-43959
https://www.bitrix24.com/prices/self-hosted.php
https://www.bitrix24.com/security/
https://github.com/secware-ru/CVE-2022-43959
https://www.bitrix24.com/prices/self-hosted.php
https://www.bitrix24.com/security/

Products affected by CVE-2022-43959

Bitrix24 » Bitrix24 » Version: N/A

cpe:2.3:a:bitrix24:bitrix24:-
Bitrix24 » Bitrix24 » Version: 20.0.0

cpe:2.3:a:bitrix24:bitrix24:20.0.0
Bitrix24 » Bitrix24 » Version: 20.0.975

cpe:2.3:a:bitrix24:bitrix24:20.0.975
Bitrix24 » Bitrix24 » Version: 22.0.300

cpe:2.3:a:bitrix24:bitrix24:22.0.300

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43959

Products

Pricing

Contact Us