CVE-2024-36407

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36407
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36407.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36407
Aliases
Published
2024-06-10T16:38:17.390Z
Modified
2025-12-10T10:10:31.513262Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
SuiteCRM unauthenticated user password reset on php7
Details

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. It also requires the system using php 7, which is not an officially supported version. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-640"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36407.json"
}
References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type
GIT
Repo
https://github.com/salesagility/suitecrm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
504d6f0ebd5847169d73c52d312e91916a7280bb

Affected versions

7.*

7.2.2
7.9.15
7.9.6

v.*

v.7.9.11

v7.*

v7.0.1
v7.0.2
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.10-RC
v7.10-RC-2
v7.10-beta
v7.10-beta-2
v7.10-beta-3
v7.10.0
v7.10.1
v7.10.10
v7.10.11
v7.10.12
v7.10.13
v7.10.14
v7.10.15
v7.10.16
v7.10.17
v7.10.18
v7.10.19
v7.10.2
v7.10.20
v7.10.21
v7.10.22
v7.10.23
v7.10.3
v7.10.4
v7.10.5
v7.10.6
v7.10.7
v7.10.8
v7.10.9
v7.11-beta
v7.11-rc
v7.11-rc-2
v7.11.0
v7.11.1
v7.11.10
v7.11.11
v7.11.12
v7.11.13
v7.11.14
v7.11.15
v7.11.16
v7.11.17
v7.11.18
v7.11.19
v7.11.2
v7.11.20
v7.11.21
v7.11.22
v7.11.3
v7.11.4
v7.11.5
v7.11.6
v7.11.7
v7.11.8
v7.11.9
v7.12-rc
v7.12.0
v7.12.1
v7.12.10
v7.12.11
v7.12.12
v7.12.2
v7.12.3
v7.12.4
v7.12.5
v7.12.6
v7.12.7
v7.12.8
v7.12.9
v7.13.0
v7.13.0-beta
v7.13.1
v7.13.2
v7.13.3
v7.13.4
v7.14.0
v7.14.0-beta
v7.14.1
v7.14.2
v7.14.3
v7.1RC
v7.1RC2
v7.1beta
v7.1beta2
v7.2
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2beta
v7.2beta2
v7.2beta3
v7.3
v7.3-beta
v7.3.1
v7.3.2
v7.3beta3
v7.4
v7.4-beta
v7.4-beta.2
v7.4.1
v7.4.2
v7.4.3
v7.5-beta
v7.5-beta.2
v7.5-rc
v7.5.1
v7.5.2
v7.5.3
v7.6
v7.6-beta-1
v7.6-beta.2
v7.6-rc
v7.6.1
v7.6.2
v7.6.3
v7.6.4
v7.6.5
v7.6.6
v7.7
v7.7-beta1
v7.7-beta2
v7.7-rc
v7.7-rc2
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.7.5
v7.7.6
v7.7.7
v7.7.8
v7.7.9
v7.8.0
v7.8.0-beta
v7.8.0-beta.2
v7.8.0-rc
v7.8.1
v7.8.10
v7.8.11
v7.8.12
v7.8.13
v7.8.14
v7.8.15
v7.8.16
v7.8.17
v7.8.18
v7.8.19
v7.8.2
v7.8.20
v7.8.3
v7.8.4
v7.8.5
v7.8.6
v7.8.7
v7.8.8
v7.8.9
v7.9.0
v7.9.0-beta
v7.9.0-rc
v7.9.1
v7.9.10
v7.9.11
v7.9.12
v7.9.13
v7.9.14
v7.9.16
v7.9.17
v7.9.2
v7.9.3
v7.9.4
v7.9.5
v7.9.7
v7.9.8
v7.9.9

Git / github.com/salesagility/suitecrm-core

Affected ranges

Type
GIT
Repo
https://github.com/salesagility/suitecrm-core
Events
Introduced
55c1ee9cbdf409ed41c04da0bbf442b311a3ab57
Fixed
f483bec4cffb267840725af5c022a7e8f2599934

Affected versions

v8.*

v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.2.0
v8.2.0-beta.2
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.3.0
v8.3.1
v8.4.0
v8.4.0-beta
v8.4.1
v8.4.2
v8.5.0
v8.5.1
v8.6.0