CVE-2021-41596
MEDIUM5.3EPSS 0.30%Published: 3/6/2024Modified: 4/3/2025
Description
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
Affected packages (1)
- Bitnami/suitecrmfrom 0, < 7.10.33, >= 7.11.0, < 7.11.22
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |