7.5
CVSSv2

CVE-2020-13484

Published: 24/06/2020 Updated: 02/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Bitrix24 up to and including 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.

Vulnerability Trend

Affected Products

Vendor Product Versions
Bitrix24Bitrix2420.0.975