CVE-2024-34887

Summary

CVE-2024-34887 is a newly disclosed vulnerability affecting the 1C-Bitrix Bitrix24 23.300.100 software. This issue stems from insufficient protection of credentials in Active Directory/LDAP server settings. Consequently, remote administrators can exploit this weakness to send administrator account passwords to an unauthorized server via an HTTP POST request. This vulnerability poses a significant risk to organizations using the affected software, potentially leading to unauthorized access to sensitive data and system compromise. It is crucial for users to apply the necessary patches as soon as they become available to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.