Vendor: SugarCRM
By: Unknown
CVSS: 5.5 (MEDIUM)
Information Disclosure
CWE: 200
Product Name: SugarCRM
Affected Version From: All versions of SugarCRM prior to the latest patched version
Affected Version To: Latest patched version of SugarCRM
Patch Exists: NO
Related CVE: CVE-2011-0578
CPE: a:sugarcrm:sugarcrm
Platforms Tested:
2011
SugarCRM Information Disclosure Vulnerability
SugarCRM is prone to an information-disclosure vulnerability because it fails to restrict access to certain application data. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Mitigation:
It is recommended to apply the latest patches and updates provided by SugarCRM to mitigate this vulnerability. Additionally, access controls should be implemented to restrict access to sensitive application data.