CVE-2024-36416

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36416
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://docs.suitecrm.com/admin/releases/7.14.x/
https://github.com/kva55/CVE-2024-36416
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-jrpp-22g3-2j77 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
History

22 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://docs.suitecrm.com/admin/releases/7.14.x/ -
  • () https://github.com/kva55/CVE-2024-36416 -

12 Jun 2024, 17:58

Type Values Removed Values Added
First Time Salesagility
Salesagility suitecrm
CWE NVD-CWE-Other
CPE cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
Summary
  • (es) SuiteCRM es una aplicación de software de gestión de relaciones con el cliente (CRM) de código abierto. Antes de las versiones 7.14.4 y 8.6.1, un ejemplo de API v4 obsoleto sin rotación de registros permitía la denegación de servicio al registrar datos excesivos. Las versiones 7.14.4 y 8.6.1 contienen una solución para este problema.
CVSS v2 : unknown
v3 : 8.6 		v2 : unknown
v3 : 7.5
References () https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-jrpp-22g3-2j77 - () https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-jrpp-22g3-2j77 - Vendor Advisory

10 Jun 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-10 20:15

Updated : 2024-07-22 17:15

NVD link : CVE-2024-36416

Mitre link : CVE-2024-36416

CVE.ORG link : CVE-2024-36416

JSON object : View

Products Affected

salesagility

  • suitecrm
CWE
NVD-CWE-Other CWE-779

Logging of Excessive Data