VYPR

CRM

by Sitecore

CVEs (3)

  • CVE-2017-5965MedMay 23, 2017
    risk 0.44cvss 6.7epss 0.01

    The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackag…

  • CVE-2017-5966MedMay 23, 2017
    risk 0.32cvss 4.9epss 0.02

    Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.

  • CVE-2021-33676Jul 14, 2021
    risk 0.00cvss epss 0.01

    A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.