CVE-2023-6388

EUVD-2023-58628
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through

the vulnerable server. This is possible because the application is vulnerable

to SSRF.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Fluid AttacksCNA
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
salesagilitysuitecrm
7.14.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_4
https://fluidattacks.com/advisories/leon/
https://github.com/salesagility/SuiteCRM/
https://fluidattacks.com/advisories/leon/
https://github.com/salesagility/SuiteCRM/