Bitnami package

suitecrm

pkg:bitnami/suitecrm

Vulnerabilities (74)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-36409	—	< 7.14.4	7.14.4	Jun 10, 2024	SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36408	—	< 7.14.4	7.14.4	Jun 10, 2024	SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36407	—	< 7.14.4	7.14.4	Jun 10, 2024	SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the use
CVE-2024-36406	—	< 7.14.4	7.14.4	Jun 10, 2024	SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-1644	—	>= 7.14.2, < 7.14.3	7.14.3	Feb 19, 2024	Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
CVE-2023-6388	—	>= 7.14.2, < 7.14.3	7.14.3	Feb 7, 2024	Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
CVE-2023-47643	—	>= 8.4.1, < 8.4.2	8.4.2	Nov 21, 2023	SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and under
CVE-2023-6131	—	< 7.12.14	7.12.14	Nov 14, 2023	Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6130	—	< 7.12.14	7.12.14	Nov 14, 2023	Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6128	—	< 7.12.14	7.12.14	Nov 14, 2023	Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6127	—	< 7.12.14	7.12.14	Nov 14, 2023	Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6126	—	< 7.12.14	7.12.14	Nov 14, 2023	Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6125	—	< 7.12.14	7.12.14	Nov 14, 2023	Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6124	—	< 7.12.14	7.12.14	Nov 14, 2023	Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
CVE-2023-5353	—	< 7.14.1	7.14.1	Oct 3, 2023	Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5351	—	< 7.14.1	7.14.1	Oct 3, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5350	—	< 7.14.1	7.14.1	Oct 3, 2023	SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-3627	—	< 8.3.1	8.3.1	Jul 11, 2023	Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVE-2023-3293	—	>= 8.0.0, < 8.0.3	8.0.3	Jun 16, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
CVE-2023-1034	—	< 7.12.9	7.12.9	Feb 25, 2023	Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.

CVE-2024-36409Jun 10, 2024
affected < 7.14.4fixed 7.14.4
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36408Jun 10, 2024
affected < 7.14.4fixed 7.14.4
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36407Jun 10, 2024
affected < 7.14.4fixed 7.14.4
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the use
CVE-2024-36406Jun 10, 2024
affected < 7.14.4fixed 7.14.4
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-1644Feb 19, 2024
affected >= 7.14.2, < 7.14.3fixed 7.14.3
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
CVE-2023-6388Feb 7, 2024
affected >= 7.14.2, < 7.14.3fixed 7.14.3
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
CVE-2023-47643Nov 21, 2023
affected >= 8.4.1, < 8.4.2fixed 8.4.2
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and under
CVE-2023-6131Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6130Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6128Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6127Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6126Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6125Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6124Nov 14, 2023
affected < 7.12.14fixed 7.12.14
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
CVE-2023-5353Oct 3, 2023
affected < 7.14.1fixed 7.14.1
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5351Oct 3, 2023
affected < 7.14.1fixed 7.14.1
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5350Oct 3, 2023
affected < 7.14.1fixed 7.14.1
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-3627Jul 11, 2023
affected < 8.3.1fixed 8.3.1
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVE-2023-3293Jun 16, 2023
affected >= 8.0.0, < 8.0.3fixed 8.0.3
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
CVE-2023-1034Feb 25, 2023
affected < 7.12.9fixed 7.12.9
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.

Page 2 of 4