Lucene search

[email protected]CVE-2024-36419

HistoryJun 10, 2024 - 10:15 p.m.

CVE-2024-36419

2024-06-1022:15:11

CWE-601

[email protected]

web.nvd.nist.gov

suitecrm

vulnerability

legacy route

host header injection

patch

8.6.1

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the issue.

Affected configurations

Vulners

Node

salesagilitysuitecrmRange<8.6.1

CNA Affected

[
  {
    "vendor": "salesagility",
    "product": "SuiteCRM-Core",
    "versions": [
      {
        "version": "< 8.6.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/salesagility/SuiteCRM-Core/security/advisories/GHSA-3323-hjq3-c6vc

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CVE-2024-36419

vulnrichment1 cvelist1 osv1 nvd1