Lucene search

GoogleOSV:BIT-SUITECRM-2024-36416

HistoryJun 12, 2024 - 7:37 a.m.

BIT-suitecrm-2024-36416

2024-06-1207:37:09

Google

osv.dev

suitecrm

open-source

crm

software

v4 api

log rotation

fix

versions

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CPENameOperatorVersion
suitecrmlt8.6.1
suitecrmlt7.14.4
suitecrmge8.0.0

Name	Operator	Version
suitecrm	lt	8.6.1
suitecrm	lt	7.14.4
suitecrm	ge	8.0.0

References

github.com/salesagility/SuiteCRM/security/advisories/GHSA-jrpp-22g3-2j77

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for OSV:BIT-SUITECRM-2024-36416