Описание
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
Ссылки
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:salesagility:suitecrm:7.14.6:*:*:*:*:*:*:*
cpe:2.3:a:salesagility:suitecrm:8.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-200
EPSS
Процентиль: 13%
0.00044
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-200