CVE-2019-18782

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
salesagilitysuitecrm
7.10.0 ≤
𝑥
< 7.10.21
salesagilitysuitecrm
7.11.0 ≤
𝑥
< 7.11.9
𝑥
= Vulnerable software versions
References
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9