CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |

AI Score confidence: Low

EPSS percentile: 98.1%

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
Vendor | Product | Version | CPE |
---|---|---|---|
sugarcrm | sugarcrm | | cpe:/a:sugarcrm:sugarcrm:::: |
sugarcrm | sugarcrm | 5.0.0 | cpe:/a:sugarcrm:sugarcrm:5.0.0::: |
sugarcrm | sugarcrm | 5.5.4 | cpe:/a:sugarcrm:sugarcrm:5.5.4::: |
sugarcrm | sugarcrm | 6.0.1 | cpe:/a:sugarcrm:sugarcrm:6.0.1::: |
sugarcrm | sugarcrm | 1.1a | cpe:/a:sugarcrm:sugarcrm:1.1a::: |
sugarcrm | sugarcrm | 5.2.0g | cpe:/a:sugarcrm:sugarcrm:5.2.0g::: |
sugarcrm | sugarcrm | 5.5.0 | cpe:/a:sugarcrm:sugarcrm:5.5.0::: |
sugarcrm | sugarcrm | 1.0g | cpe:/a:sugarcrm:sugarcrm:1.0g::: |
sugarcrm | sugarcrm | 2.0.1 | cpe:/a:sugarcrm:sugarcrm:2.0.1::: |
sugarcrm | sugarcrm | 6.0.3 | cpe:/a:sugarcrm:sugarcrm:6.0.3::: |