CVE-2021-41596

Published: Oct 4, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

Affected (2)

Products: Salesagility: Suitecrm

Salesagility

1 product

Suitecrm

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Salesagility Suitecrm	Before 7.10.33
Salesagility Suitecrm	From 7.11.0 to 7.11.22

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (10)

https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33

Source: cve@mitre.org

Release NotesVendor Advisory

https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/salesagility/SuiteCRM

Source: cve@mitre.org

ProductThird Party Advisory

https://suitecrm.com

Source: cve@mitre.org

Vendor Advisory

https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33