CVE-2021-41596

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

Ссылки

https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33
Release Notes
Vendor Advisory
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22
Release Notes
Vendor Advisory
https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md
Third Party Advisory
https://github.com/salesagility/SuiteCRM
Product
Third Party Advisory
https://suitecrm.com
Vendor Advisory
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33
Release Notes
Vendor Advisory
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22
Release Notes
Vendor Advisory
https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md
Third Party Advisory
https://github.com/salesagility/SuiteCRM
Product
Third Party Advisory
https://suitecrm.com
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*

Версия до 7.10.33 (исключая)

cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*

Версия от 7.11.0 (включая) до 7.11.22 (исключая)

EPSS

Процентиль: 53%

0.00302

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-4jcj-f5hc-phm8

github

больше 3 лет назад