Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-43959

Published: 20/01/2023 Updated: 08/08/2023
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Bitrix24

Vulnerability Summary

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 up to and including 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bitrix24 bitrix24

Github Repositories

https://github.com/secware-ru/CVE-2022-43959

Bitrix Vulnerability CVE-2022-43959

CVE-2022-43959 Bitrix Vulnerability CVE-2022-43959 Description Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 AD/LDAP connector module before version 231000 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_editphp CVSS Level Score CVSS Link Med

References

CWE-200https://www.bitrix24.com/security/https://www.bitrix24.com/prices/self-hosted.phphttps://github.com/secware-ru/CVE-2022-43959https://nvd.nist.govhttps://github.com/secware-ru/CVE-2022-43959
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook