CVE-2019-18782

EUVD-2019-8491
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
salesagilitysuitecrm
7.10.0 ≤
𝑥
< 7.10.21
salesagilitysuitecrm
7.11.0 ≤
𝑥
< 7.11.9
𝑥
= Vulnerable software versions
References
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9