Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
References
Link | Resource |
---|---|
https://github.com/secware-ru/CVE-2022-43959 | Exploit Third Party Advisory |
https://www.bitrix24.com/prices/self-hosted.php | Vendor Advisory |
https://www.bitrix24.com/security/ | Vendor Advisory |
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 |
02 Feb 2023, 14:03
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
CWE | CWE-522 | |
First Time |
Bitrix24
Bitrix24 bitrix24 |
|
CPE | cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.bitrix24.com/security/ - Vendor Advisory | |
References | (MISC) https://www.bitrix24.com/prices/self-hosted.php - Vendor Advisory | |
References | (MISC) https://github.com/secware-ru/CVE-2022-43959 - Exploit, Third Party Advisory |
20 Jan 2023, 15:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-20 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-43959
Mitre link : CVE-2022-43959
CVE.ORG link : CVE-2022-43959
JSON object : View
Products Affected
bitrix24
- bitrix24
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor