Improper Access Control in salesagility/suitecrm
CVE-2023-5353

8.1HIGH

Key Information:

Vendor
Salesagility
Status
Salesagility/suitecrm
Vendor
CVE Published:
3 October 2023

Summary

An improper access control vulnerability has been identified in SuiteCRM developed by SalesAgility. This flaw exists in versions prior to 7.14.1 and allows unauthorized access to sensitive functionalities within the application. Attackers could exploit this weakness to gain access to restricted areas, compromising data integrity and security. It is crucial for users to update to the latest version to mitigate potential risks associated with this vulnerability.

Affected Version(s)

salesagility/suitecrm < 7.14.1

References

https://huntr.dev/bounties/3b3bb4f1-1aea-4134-99eb-157f24...
https://github.com/salesagility/suitecrm/commit/c43eaa311...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-5353 : Improper Access Control in salesagility/suitecrm | SecurityVulnerability.io