CVE-2022-43959

Published: Jan 20, 2023Modified: Apr 2, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.

Affected (1)

Products: Bitrix24: Bitrix24

Bitrix24

1 product

Bitrix24

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bitrix24 Bitrix24	Up to 22.200.200

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://github.com/secware-ru/CVE-2022-43959

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bitrix24.com/prices/self-hosted.php

Source: cve@mitre.org

Vendor Advisory

https://www.bitrix24.com/security/

Source: cve@mitre.org

Vendor Advisory

https://github.com/secware-ru/CVE-2022-43959

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.bitrix24.com/prices/self-hosted.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.bitrix24.com/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.