QSearchQSearch

CVE-2021-3131

7.5 HIGH

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter

Published: 2021-01-13 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-326

Affected products

VendorProduct
1c1c\

Description

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-41860 CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM (8.8 HIGH)
  • CVE-2026-8878 Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensiti... (7.5 HIGH)
  • CVE-2026-45787 electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client (9.1 CRITICAL)
  • CVE-2026-5363 Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation (8.8 HIGH)
  • CVE-2024-28755 An issue was discovered in Mbed TLS 3.5.x before 3.6.0 (6.5 MEDIUM)