Vulnerability Details CVE-2011-0745
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.3%
CVSS Severity
CVSS v2 Score 4.0
Products affected by CVE-2011-0745
- cpe:2.3:a:sugarcrm:sugarcrm:1.0
- cpe:2.3:a:sugarcrm:sugarcrm:1.0f
- cpe:2.3:a:sugarcrm:sugarcrm:1.0g
- cpe:2.3:a:sugarcrm:sugarcrm:1.1
- cpe:2.3:a:sugarcrm:sugarcrm:1.1a
- cpe:2.3:a:sugarcrm:sugarcrm:1.1b
- cpe:2.3:a:sugarcrm:sugarcrm:1.1c
- cpe:2.3:a:sugarcrm:sugarcrm:1.1d
- cpe:2.3:a:sugarcrm:sugarcrm:1.1e
- cpe:2.3:a:sugarcrm:sugarcrm:1.1f
- cpe:2.3:a:sugarcrm:sugarcrm:1.5d
- cpe:2.3:a:sugarcrm:sugarcrm:2.0.1
- cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a
- cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c
- cpe:2.3:a:sugarcrm:sugarcrm:3.0.1
- cpe:2.3:a:sugarcrm:sugarcrm:3.5
- cpe:2.3:a:sugarcrm:sugarcrm:3.5.1
- cpe:2.3:a:sugarcrm:sugarcrm:4.0
- cpe:2.3:a:sugarcrm:sugarcrm:4.0.1
- cpe:2.3:a:sugarcrm:sugarcrm:4.1
- cpe:2.3:a:sugarcrm:sugarcrm:4.2
- cpe:2.3:a:sugarcrm:sugarcrm:4.2.1
- cpe:2.3:a:sugarcrm:sugarcrm:4.5.0
- cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f
- cpe:2.3:a:sugarcrm:sugarcrm:4.5.1
- cpe:2.3:a:sugarcrm:sugarcrm:4.5.1i
- cpe:2.3:a:sugarcrm:sugarcrm:4.5.1o
- cpe:2.3:a:sugarcrm:sugarcrm:5.0.0
- cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h
- cpe:2.3:a:sugarcrm:sugarcrm:5.0.0k
- cpe:2.3:a:sugarcrm:sugarcrm:5.1.0
- cpe:2.3:a:sugarcrm:sugarcrm:5.1.0-beta
- cpe:2.3:a:sugarcrm:sugarcrm:5.1c
- cpe:2.3:a:sugarcrm:sugarcrm:5.1l
- cpe:2.3:a:sugarcrm:sugarcrm:5.2.0g
- cpe:2.3:a:sugarcrm:sugarcrm:5.2a
- cpe:2.3:a:sugarcrm:sugarcrm:5.2c
- cpe:2.3:a:sugarcrm:sugarcrm:5.2d
- cpe:2.3:a:sugarcrm:sugarcrm:5.2e
- cpe:2.3:a:sugarcrm:sugarcrm:5.2f
- cpe:2.3:a:sugarcrm:sugarcrm:5.2g
- cpe:2.3:a:sugarcrm:sugarcrm:5.2h
- cpe:2.3:a:sugarcrm:sugarcrm:5.5
- cpe:2.3:a:sugarcrm:sugarcrm:5.5.0
- cpe:2.3:a:sugarcrm:sugarcrm:5.5.1
- cpe:2.3:a:sugarcrm:sugarcrm:5.5.2
- cpe:2.3:a:sugarcrm:sugarcrm:5.5.3
- cpe:2.3:a:sugarcrm:sugarcrm:5.5.4
- cpe:2.3:a:sugarcrm:sugarcrm:5.5a
- cpe:2.3:a:sugarcrm:sugarcrm:6.0
- cpe:2.3:a:sugarcrm:sugarcrm:6.0.1
- cpe:2.3:a:sugarcrm:sugarcrm:6.0.2
- cpe:2.3:a:sugarcrm:sugarcrm:6.0.3
- cpe:2.3:a:sugarcrm:sugarcrm:6.1.0
- cpe:2.3:a:sugarcrm:sugarcrm:6.1.1