Improper Access Control in salesagility/suitecrm
CVE-2023-5353

8.1HIGH

Key Information:

Vendor: Salesagility
Status: Salesagility/suitecrm
Vendor: CVE Published:; 3 October 2023

🔔 Create Salesagility Vulnerability Alert

What is CVE-2023-5353?

An improper access control vulnerability has been identified in SuiteCRM developed by SalesAgility. This flaw exists in versions prior to 7.14.1 and allows unauthorized access to sensitive functionalities within the application. Attackers could exploit this weakness to gain access to restricted areas, compromising data integrity and security. It is crucial for users to update to the latest version to mitigate potential risks associated with this vulnerability.

Affected Version(s)

salesagility/suitecrm < 7.14.1

References

https://huntr.dev/bounties/3b3bb4f1-1aea-4134-99eb-157f24...

https://github.com/salesagility/suitecrm/commit/c43eaa311...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Oct 3, 2023