
CVE-2024-36412 SuiteCRM unauthenticated SQL Injection

2024-06-10 19:35:43
CWE-89
GitHub_M
www.cve.org
suitecrm customer relationship management software sql injection 7.14.4 8.6.1 cve-2024-36412

CVSS3: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.048 Low
Percentile: 92.8%

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CNA Affected

[
  {
    "vendor": "salesagility",
    "product": "SuiteCRM",
    "versions": [
      {
        "version": "< 7.14.4",
        "status": "affected"
      },
      {
        "version": ">= 8.0.0, < 8.6.1",
        "status": "affected"
      }
    ]
  }
]
