SuiteCRM authenticated Server-Side Request Forgery
CVE-2024-36414

6.5MEDIUM

Key Information:

Vendor

Salesagility

Status
Suitecrm
Vendor
CVE Published:
10 June 2024

What is CVE-2024-36414?

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected Version(s)

SuiteCRM < 7.14.4 < 7.14.4

SuiteCRM >= 8.0.0, < 8.6.1 < 8.0.0, 8.6.1

References

https://github.com/salesagility/SuiteCRM/security/advisor...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.