Lucene search

[email protected]NVD:CVE-2021-41596

HistoryOct 04, 2021 - 5:15 p.m.

CVE-2021-41596

2021-10-0417:15:08

CWE-22

[email protected]

web.nvd.nist.gov

suitecrm

information disclosure

directory traversal

importfile parameter

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

46.6%

JSON

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

Affected configurations

Nvd

Node

salesagilitysuitecrmRange<7.10.33

salesagilitysuitecrmRange7.11.0–7.11.22

VendorProductVersionCPE
salesagilitysuitecrm*cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
salesagility	suitecrm	*	cpe:2.3:a:salesagility:suitecrm::::::::

References

docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33

docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22

github.com/ach-ing/cves/blob/main/CVE-2021-41596.md

github.com/salesagility/SuiteCRM

suitecrm.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

46.6%

JSON

Related for NVD:CVE-2021-41596

prion1 cve1 cnvd1 cvelist1 osv2