CVE-2021-41596

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41596

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41596.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41596

Aliases

BIT-suitecrm-2021-41596

Published

2021-10-04T17:15:08.820Z

Modified

2026-04-02T07:34:28.734067Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type

GIT

Repo

https://github.com/salesagility/suitecrm

Events

Introduced

Fixed

08bbfe1ba3218d0ab5de6357134db8e82030f54a

Introduced

80e9e484f7c00340a67a65efbf82aca2e3d5d141

Fixed

b231a3246e156fb454b4f4aae1bdb6c36bb31cce

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.10.33"
        },
        {
            "introduced": "7.11.0"
        },
        {
            "fixed": "7.11.22"
        }
    ]
}

Affected versions

7.*

7.1.7

7.2.2

7.9.15

7.9.6

v.*

v.7.9.11

v7.*

v7.0.1

v7.0.2

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.1.5

v7.1.6

v7.1.7

v7.1.8

v7.10-RC

v7.10-RC-2

v7.10-beta

v7.10-beta-2

v7.10-beta-3

v7.10.0

v7.10.1

v7.10.10

v7.10.11

v7.10.12

v7.10.13

v7.10.14

v7.10.15

v7.10.16

v7.10.17

v7.10.18

v7.10.19

v7.10.2

v7.10.20

v7.10.21

v7.10.22

v7.10.23

v7.10.24

v7.10.25

v7.10.26

v7.10.27

v7.10.28

v7.10.29

v7.10.3

v7.10.30

v7.10.31

v7.10.32

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.10.8

v7.10.9

v7.11-beta

v7.11-rc

v7.11-rc-2

v7.11.0

v7.11.1

v7.11.10

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.17

v7.11.18

v7.11.19

v7.11.2

v7.11.20

v7.11.21

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.11.9

v7.1RC

v7.1RC2

v7.1beta

v7.1beta2

v7.2

v7.2.1

v7.2.2

v7.2.3

v7.2.4

v7.2beta

v7.2beta2

v7.2beta3

v7.3

v7.3-beta

v7.3.1

v7.3.2

v7.3beta3

v7.4

v7.4-beta

v7.4-beta.2

v7.4-rc

v7.4.1

v7.4.2

v7.4.3

v7.5

v7.5-beta

v7.5-beta.2

v7.5-rc

v7.5.1

v7.5.2

v7.5.3

v7.5.4

v7.5.5

v7.6

v7.6-beta-1

v7.6-beta.2

v7.6-rc

v7.6.1

v7.6.10

v7.6.2

v7.6.3

v7.6.4

v7.6.5

v7.6.6

v7.6.7

v7.6.8

v7.6.9

v7.7

v7.7-beta1

v7.7-beta2

v7.7-rc

v7.7-rc2

v7.7.1

v7.7.2

v7.7.3

v7.7.4

v7.7.5

v7.7.6

v7.7.7

v7.7.8

v7.7.9

v7.8.0

v7.8.0-beta

v7.8.0-beta.2

v7.8.0-rc

v7.8.1

v7.8.10

v7.8.11

v7.8.12

v7.8.13

v7.8.14

v7.8.15

v7.8.16

v7.8.17

v7.8.18

v7.8.19

v7.8.2

v7.8.20

v7.8.21

v7.8.22

v7.8.23

v7.8.24

v7.8.25

v7.8.26

v7.8.27

v7.8.28

v7.8.29

v7.8.3

v7.8.30

v7.8.31

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.8.9

v7.9.0

v7.9.0-beta

v7.9.0-rc

v7.9.1

v7.9.10

v7.9.11

v7.9.12

v7.9.13

v7.9.14

v7.9.16

v7.9.17

v7.9.2

v7.9.3

v7.9.4

v7.9.5

v7.9.7

v7.9.8

v7.9.9

v8.*

v8.0.0-beta.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41596.json"