Lucene search

K
cve[email protected]CVE-2011-0745
HistoryMar 16, 2011 - 10:55 p.m.

CVE-2011-0745

2011-03-1622:55:02
CWE-20
web.nvd.nist.gov
20
sugarcrm
cve-2011-0745
security vulnerability
information security
customer names
contact names

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.763 High

EPSS

Percentile

98.2%

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.

Affected configurations

NVD
Node
sugarcrmsugarcrmRange6.1.2
OR
sugarcrmsugarcrmMatch1.0
OR
sugarcrmsugarcrmMatch1.0f
OR
sugarcrmsugarcrmMatch1.0g
OR
sugarcrmsugarcrmMatch1.1
OR
sugarcrmsugarcrmMatch1.1a
OR
sugarcrmsugarcrmMatch1.1b
OR
sugarcrmsugarcrmMatch1.1c
OR
sugarcrmsugarcrmMatch1.1d
OR
sugarcrmsugarcrmMatch1.1e
OR
sugarcrmsugarcrmMatch1.1f
OR
sugarcrmsugarcrmMatch1.5d
OR
sugarcrmsugarcrmMatch2.0.1
OR
sugarcrmsugarcrmMatch2.0.1a
OR
sugarcrmsugarcrmMatch2.0.1c
OR
sugarcrmsugarcrmMatch3.0.1
OR
sugarcrmsugarcrmMatch3.5
OR
sugarcrmsugarcrmMatch3.5.1
OR
sugarcrmsugarcrmMatch4.0
OR
sugarcrmsugarcrmMatch4.0.1
OR
sugarcrmsugarcrmMatch4.1
OR
sugarcrmsugarcrmMatch4.2
OR
sugarcrmsugarcrmMatch4.2.1
OR
sugarcrmsugarcrmMatch4.5.0
OR
sugarcrmsugarcrmMatch4.5.0f
OR
sugarcrmsugarcrmMatch4.5.1
OR
sugarcrmsugarcrmMatch4.5.1community_edition
OR
sugarcrmsugarcrmMatch4.5.1i
OR
sugarcrmsugarcrmMatch4.5.1o
OR
sugarcrmsugarcrmMatch5.0.0
OR
sugarcrmsugarcrmMatch5.0.0community_edition
OR
sugarcrmsugarcrmMatch5.0.0sugar_community_edition
OR
sugarcrmsugarcrmMatch5.0.0hsugar_community_edition
OR
sugarcrmsugarcrmMatch5.0.0ksugar_community_edition
OR
sugarcrmsugarcrmMatch5.1.0sugar_community_edition
OR
sugarcrmsugarcrmMatch5.1.0-betasugar_community_edition
OR
sugarcrmsugarcrmMatch5.1csugar_community_edition
OR
sugarcrmsugarcrmMatch5.1l
OR
sugarcrmsugarcrmMatch5.2.0g
OR
sugarcrmsugarcrmMatch5.2a
OR
sugarcrmsugarcrmMatch5.2c
OR
sugarcrmsugarcrmMatch5.2csugar_community_edition
OR
sugarcrmsugarcrmMatch5.2d
OR
sugarcrmsugarcrmMatch5.2dsugar_community_edition
OR
sugarcrmsugarcrmMatch5.2e
OR
sugarcrmsugarcrmMatch5.2esugar_community_edition
OR
sugarcrmsugarcrmMatch5.2f
OR
sugarcrmsugarcrmMatch5.2g
OR
sugarcrmsugarcrmMatch5.2h
OR
sugarcrmsugarcrmMatch5.5beta1
OR
sugarcrmsugarcrmMatch5.5beta2
OR
sugarcrmsugarcrmMatch5.5.0
OR
sugarcrmsugarcrmMatch5.5.1
OR
sugarcrmsugarcrmMatch5.5.2
OR
sugarcrmsugarcrmMatch5.5.3
OR
sugarcrmsugarcrmMatch5.5.4
OR
sugarcrmsugarcrmMatch5.5a
OR
sugarcrmsugarcrmMatch6.0
OR
sugarcrmsugarcrmMatch6.0.1
OR
sugarcrmsugarcrmMatch6.0.2
OR
sugarcrmsugarcrmMatch6.0.3
OR
sugarcrmsugarcrmMatch6.1.0
OR
sugarcrmsugarcrmMatch6.1.1

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.763 High

EPSS

Percentile

98.2%