CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-wg74-772c-8gr7	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:salesagility:suitecrm::::::::
	cpe:2.3:a:salesagility:suitecrm::::::::

History

12 Jun 2024, 17:59

Type	Values Removed	Values Added
First Time		Salesagility Salesagility suitecrm
Summary		(es) SuiteCRM es una aplicación de software de gestión de relaciones con el cliente (CRM) de código abierto. Antes de las versiones 7.14.4 y 8.6.1, una vulnerabilidad en la verificación de archivos de los conectores permitía un ataque de server-side request forgery. Las versiones 7.14.4 y 8.6.1 contienen una solución para este problema.
CPE		cpe:2.3:a:salesagility:suitecrm::::::::
References	~~() https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-wg74-772c-8gr7 -~~	() https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-wg74-772c-8gr7 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.7~~	v2 : unknown v3 : 6.5

10 Jun 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-10 20:15

Updated : 2024-06-12 17:59

NVD link : CVE-2024-36414

Mitre link : CVE-2024-36414

CVE.ORG link : CVE-2024-36414

JSON object : View

Products Affected

salesagility

suitecrm

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-36414", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2024-06-10T20:15:14.277", "references": [{"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-wg74-772c-8gr7", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue."}, {"lang": "es", "value": "SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con el cliente (CRM) de c\u00f3digo abierto. Antes de las versiones 7.14.4 y 8.6.1, una vulnerabilidad en la verificaci\u00f3n de archivos de los conectores permit\u00eda un ataque de server-side request forgery. Las versiones 7.14.4 y 8.6.1 contienen una soluci\u00f3n para este problema."}], "lastModified": "2024-06-12T17:59:14.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "176C4E20-B96D-4391-986F-3314663983AC", "versionEndExcluding": "7.14.4"}, {"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5249169E-5516-4705-A2C8-DE1BA56497D0", "versionEndExcluding": "8.6.1", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}