Bitrix24 20.0.975 Security Vulnerabilities

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
CVSS Score: 4.9
EPSS Score: 0.004
Published: 2023-01-20

In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
CVSS Score: 9.8
EPSS Score: 0.098
Published: 2022-03-22

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2020-06-24

