Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36406

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-10 Jun, 2024 | 15:06
Updated At-02 Aug, 2024 | 03:37
Rejected At-
Credits

SuiteCRM vulnerable to open redirects

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:10 Jun, 2024 | 15:06
Updated At:02 Aug, 2024 | 03:37
Rejected At:
▼CVE Numbering Authority (CNA)
SuiteCRM vulnerable to open redirects

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected Products
Vendor
SalesAgility Ltd.salesagility
Product
SuiteCRM
Versions
Affected
  • < 7.14.4
  • >= 8.0.0, < 8.6.1
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
x_refsource_CONFIRM
Hyperlink: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:10 Jun, 2024 | 15:15
Updated At:12 Aug, 2025 | 20:20

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CPE Matches
SalesAgility Ltd.
salesagility
>>suitecrm>>Versions before 7.14.4(exclusive)
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
SalesAgility Ltd.
salesagility
>>suitecrm>>Versions from 8.0.0(inclusive) to 8.6.1(exclusive)
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Secondarysecurity-advisories@github.com
CWE ID: CWE-601
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrvsecurity-advisories@github.com
Vendor Advisory
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrvaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2024-36419
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.05%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:15
Updated-19 Sep, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SuiteCRM-Core Host Header Injection in /legacy

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue.

Action-Not Available
Vendor-SalesAgility Ltd.
Product-suitecrmSuiteCRM-Coresuitecrm
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-15300
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 51.59%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 21:06
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.

Action-Not Available
Vendor-n/aSalesAgility Ltd.
Product-suitecrmn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-50477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.03%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 00:00
Updated-23 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-44109
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.03%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 00:00
Updated-23 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Details not found