Skip to main content

Suitecrm CVE-2023-5353

MEDIUM
Improper Access Control (CWE-284)
2023-10-03 security@huntr.dev
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 03, 2023 - 13:15 nvd
MEDIUM 6.5

DescriptionNVD

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.

AnalysisAI

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-284. Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. Affected products include: Salesagility Suitecrm. Version information: prior to 7.14.1..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-42840 HIGH POC
8.8 Oct 22

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. Rated high severity

CVE-2020-28328 HIGH POC
8.8 Nov 06

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. Rated high

CVE-2024-36412 CRITICAL POC
9.8 Jun 10

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated critical severity (CVSS 9.

CVE-2023-6126 CRITICAL POC
9.8 Nov 14

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated critical severity (CVSS

CVE-2023-5350 CRITICAL POC
9.1 Oct 03

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Rated critical severity (CVSS 9.1), this vulne

CVE-2015-5947 HIGH POC
8.1 Sep 06

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerabil

CVE-2022-45185 HIGH POC
8.8 Jan 07

An issue was discovered in SuiteCRM 7.12.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2024-1644 HIGH POC
8.8 Feb 20

Suite CRM version 7.14.2 allows including local php files. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2023-6131 HIGH POC
8.8 Nov 14

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8

CVE-2023-6130 HIGH POC
8.8 Nov 14

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high se

CVE-2023-6125 HIGH POC
8.8 Nov 14

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8

CVE-2023-3627 HIGH POC
8.8 Jul 11

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. Rated high severity (C

Share

CVE-2023-5353 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy