Lucene search
GitHub_MCVELIST:CVE-2024-36406HistoryJun 10, 2024 - 3:06 p.m.
CVE-2024-36406 SuiteCRM vulnerable to open redirects
2024-06-1015:06:22
CWE-601
GitHub_M
www.cve.org
2
suitecrm
open redirect
vulnerability
unchecked input
fix
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
0.001 Low
EPSS
Percentile
26.0%
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CNA Affected
[
{
"vendor": "salesagility",
"product": "SuiteCRM",
"versions": [
{
"version": "< 7.14.4",
"status": "affected"
},
{
"version": ">= 8.0.0, < 8.6.1",
"status": "affected"
}
]
}
]Related
cve
cve
CVE-2024-36406
2024-06-10 15:15:52
osv
osv
BIT-suitecrm-2024-36406
2024-06-12 07:39:28
vulnrichment
vulnrichment
CVE-2024-36406 SuiteCRM vulnerable to open redirects
2024-06-10 15:06:22
nvd
nvd
CVE-2024-36406
2024-06-10 15:15:52
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
0.001 Low
EPSS
Percentile
26.0%
Related for CVELIST:CVE-2024-36406