CVE-2024-45392
MEDIUM EPSS 19.6%
Published Sep 5, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
4.3 CVSS 3.1
Description
SuiteCRM is an open-source customer relationship management (CRM) system. Prior to versions 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
19.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-284
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| salesagility | suitecrm | * | <7.14.5 |
| salesagility | suitecrm | * | ≥8.0.0 – <8.6.2 |
References 2
- docs.suitecrm.com https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_5
- github.com https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-8qfx-h7pm-2587
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability; the description above states that versions 7.14.5 and 8.6.2 contain a patch for the issue.