Vulnerability Details CVE-2014-3244
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.068
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://seclists.org/fulldisclosure/2014/Jun/92
- http://www.securityfocus.com/bid/68102
- https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294
- http://seclists.org/fulldisclosure/2014/Jun/92
- http://www.securityfocus.com/bid/68102
- https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294
Products affected by CVE-2014-3244
-
cpe:2.3:a:sugarcrm:sugarcrm:3.5.1
-
cpe:2.3:a:sugarcrm:sugarcrm:6.3.1
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.0
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.1
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.10
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.11
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.12
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.13
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.14
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.15
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.2
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.3
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.4
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.5
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.6
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.7
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.8
-
cpe:2.3:a:sugarcrm:sugarcrm:6.5.9