Vulnerability Description
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Salesagility | Suitecrm | < 7.10.33 |
Related Weaknesses (CWE)
References
- https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33Release NotesVendor Advisory
- https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22Release NotesVendor Advisory
- https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.mdThird Party Advisory
- https://github.com/salesagility/SuiteCRMProductThird Party Advisory
- https://suitecrm.comVendor Advisory
- https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33Release NotesVendor Advisory
- https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22Release NotesVendor Advisory
- https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.mdThird Party Advisory
- https://github.com/salesagility/SuiteCRMProductThird Party Advisory
- https://suitecrm.comVendor Advisory
FAQ
What is CVE-2021-41596?
CVE-2021-41596 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import f...
How severe is CVE-2021-41596?
CVE-2021-41596 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41596?
Check the references section above for vendor advisories and patch information. Affected products include: Salesagility Suitecrm.