CVE-2021-41596 Information
Jun 07, 2022
cve
Description
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22 https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33 https://github.com/salesagility/SuiteCRM https://suitecrm.com https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3
Share on: