Known Vulnerabilities for products from Bitrix24

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bitrix24".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2025-67886 json Not Provided 2026-05-08 2026-05-08
CVE-2024-34891 json Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to ... Not Provided 2024-11-04 2026-07-05
CVE-2024-34887 json Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators... Not Provided 2024-11-04 2026-07-05
CVE-2024-34885 json Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to... Not Provided 2024-11-04 2026-07-05
CVE-2024-34883 json Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to r... Not Provided 2024-11-04 2026-07-05
CVE-2024-34882 json Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to... Not Provided 2024-11-04 2026-07-05
CVE-2023-1720 json Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript ... 8 - HIGH 2023-11-01 2023-11-09
CVE-2023-1719 json Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (... 9.8 - CRITICAL 2023-11-01 2023-11-09
CVE-2023-1718 json Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remo... 7.5 - HIGH 2023-11-01 2023-11-09
CVE-2023-1717 json Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows ... 9.6 - CRITICAL 2023-11-01 2023-11-09
CVE-2023-1716 json Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary Jav... 9.6 - CRITICAL 2023-11-01 2023-11-09
CVE-2023-1715 json A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS ... 5.4 - MEDIUM 2023-11-01 2023-11-08
CVE-2023-1714 json Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authent... 8.8 - HIGH 2023-11-01 2023-11-09
CVE-2023-1713 json Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache H... 8.8 - HIGH 2023-11-01 2023-11-09
CVE-2022-43959 json Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote adm... 4.9 - MEDIUM 2023-01-20 2023-08-08
CVE-2022-27228 json In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute... 9.8 - CRITICAL 2022-03-22 2022-03-28
CVE-2020-28206 json An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction... 6.5 - MEDIUM 2020-12-02 2020-12-04
CVE-2020-13484 json Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url pa... 9.8 - CRITICAL 2020-06-24 2020-07-02
CVE-2020-13483 json The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitri... 6.1 - MEDIUM 2020-06-24 2020-06-29
CVE-2017-20122 json A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an u... 5.4 - MEDIUM 2022-06-30 2022-07-09

Known software with vulnerabilities from Bitrix24

Type Vendor Product Version
ApplicationBitrix24Bitrix24-
ApplicationBitrix24Bitrix Framework20.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report