Bitrix24 broken access control enabling RCE via REST API — widely exploited by Russian threat actors against organizations in CIS region. Update Bitrix24 to latest version. Restrict REST API access to authenticated internal users only.
Broken access control in Bitrix24 cms allows remote attackers to modify content and perform code execution when REST API is exposed.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →