Known Vulnerabilities for products from Bitrix24
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bitrix24".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-67886 json | Not Provided | 2026-05-08 | 2026-05-08 | |
| CVE-2024-34891 json | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to ... | Not Provided | 2024-11-04 | 2026-07-05 |
| CVE-2024-34887 json | Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators... | Not Provided | 2024-11-04 | 2026-07-05 |
| CVE-2024-34885 json | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to... | Not Provided | 2024-11-04 | 2026-07-05 |
| CVE-2024-34883 json | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to r... | Not Provided | 2024-11-04 | 2026-07-05 |
| CVE-2024-34882 json | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to... | Not Provided | 2024-11-04 | 2026-07-05 |
| CVE-2023-1720 json | Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript ... | 8 - HIGH | 2023-11-01 | 2023-11-09 |
| CVE-2023-1719 json | Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (... | 9.8 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-1718 json | Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remo... | 7.5 - HIGH | 2023-11-01 | 2023-11-09 |
| CVE-2023-1717 json | Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows ... | 9.6 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-1716 json | Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary Jav... | 9.6 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-1715 json | A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS ... | 5.4 - MEDIUM | 2023-11-01 | 2023-11-08 |
| CVE-2023-1714 json | Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authent... | 8.8 - HIGH | 2023-11-01 | 2023-11-09 |
| CVE-2023-1713 json | Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache H... | 8.8 - HIGH | 2023-11-01 | 2023-11-09 |
| CVE-2022-43959 json | Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote adm... | 4.9 - MEDIUM | 2023-01-20 | 2023-08-08 |
| CVE-2022-27228 json | In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute... | 9.8 - CRITICAL | 2022-03-22 | 2022-03-28 |
| CVE-2020-28206 json | An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction... | 6.5 - MEDIUM | 2020-12-02 | 2020-12-04 |
| CVE-2020-13484 json | Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url pa... | 9.8 - CRITICAL | 2020-06-24 | 2020-07-02 |
| CVE-2020-13483 json | The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitri... | 6.1 - MEDIUM | 2020-06-24 | 2020-06-29 |
| CVE-2017-20122 json | A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an u... | 5.4 - MEDIUM | 2022-06-30 | 2022-07-09 |
Known software with vulnerabilities from Bitrix24
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bitrix24 | Bitrix24 | - |
| Application | Bitrix24 | Bitrix Framework | 20.0 |