CVE-2021-41596

Sažetak

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

Reference

https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33
https://github.com/salesagility/SuiteCRM
https://suitecrm.com
https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

12-10-2021 - 20:13

Objavljeno

04-10-2021 - 17:15