Vulnerability Description
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sugarcrm | Sugarcrm | < 6.5.16 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Jun/92Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/68102Third Party AdvisoryVDB Entry
- https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294ExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Jun/92Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/68102Third Party AdvisoryVDB Entry
- https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294ExploitThird Party Advisory
FAQ
What is CVE-2014-3244?
CVE-2014-3244 is a vulnerability with a CVSS score of 9.8 (CRITICAL). XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in a...
How severe is CVE-2014-3244?
CVE-2014-3244 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-3244?
Check the references section above for vendor advisories and patch information. Affected products include: Sugarcrm Sugarcrm.