Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.0 (CVSS v2 base score)
CVE Id CVE-2011-0745
Last Modified 21 Sep 2011 11:28:49
Published 16 Mar 2011 06:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-0745

Summary

SugarCRM before 6.1.3 does not properly handle reloads of, and direct requests for, the warning page produced by the duplicate check that runs when a record is saved. The page is served without re-checking the caller's list privilege, so a remote authenticated user whose role is denied the list view of a module can still bypass that restriction and discover (1) the names of customers, via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons, via a ShowDuplicates action to the Contacts module, reachable through index.php. The information exposed is limited to record names (confidentiality impact PARTIAL); no data can be modified. Fixed in SugarCRM 6.1.3.
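Since the affected requests are ordinary index.php calls, the cheapest retrospective check is a triage of the web server access log. The following is an added example, not code from the page, from SugarCRM or from the advisory authors: it parses Apache/nginx "combined" log lines, picks out ShowDuplicates requests to the Accounts and Contacts modules, and flags those that did not arrive as a POST from the same module's EditView, which is assumed here to be the only legitimate path to the warning page (the module=/action= query parameters are SugarCRM's standard index.php routing; the EditView-origin assumption and the sample log lines are constructed for this example). Repeated flagged requests from one source are a sign of enumeration rather than a stray reload.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Minimal parser for the Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Modules named in the advisory summary for CVE-2011-0745.
WATCHED_MODULES = {"Accounts", "Contacts"}

# Constructed sample log lines (not real traffic). Hostnames are placeholders.
SAMPLE_LOG = [
    # Legitimate flow (assumed): POST reached from the Accounts EditView.
    '10.0.0.5 - alice [15/Mar/2011:10:01:02 +0100] "POST /sugarcrm/index.php?module=Accounts&action=ShowDuplicates HTTP/1.1" 200 5120 "https://crm.example.test/sugarcrm/index.php?module=Accounts&action=EditView" "Mozilla/5.0"',
    # Direct GET requests with no referer: the pattern the advisory describes.
    '10.0.0.9 - bob [15/Mar/2011:10:05:10 +0100] "GET /sugarcrm/index.php?module=Accounts&action=ShowDuplicates HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - bob [15/Mar/2011:10:05:12 +0100] "GET /sugarcrm/index.php?module=Contacts&action=ShowDuplicates HTTP/1.1" 200 4800 "-" "Mozilla/5.0"',
    # Unrelated request, must be ignored.
    '10.0.0.9 - bob [15/Mar/2011:10:05:13 +0100] "GET /sugarcrm/index.php?module=Home&action=index HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    # POST that did not come from the module's EditView.
    '10.0.0.9 - bob [15/Mar/2011:10:05:20 +0100] "POST /sugarcrm/index.php?module=Accounts&action=ShowDuplicates HTTP/1.1" 200 5120 "https://crm.example.test/sugarcrm/index.php?module=Home&action=index" "Mozilla/5.0"',
]


def _query(url):
    """First value of each query parameter in a URL, as a plain dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def parse_line(line):
    """Return a dict of log fields plus the parsed request query, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["script"] = urlsplit(rec["path"]).path
    rec["query"] = _query(rec["path"])
    return rec


def is_showduplicates(rec):
    """True for index.php?module=<Accounts|Contacts>&action=ShowDuplicates."""
    return (rec["script"].endswith("/index.php")
            and rec["query"].get("action") == "ShowDuplicates"
            and rec["query"].get("module") in WATCHED_MODULES)


def referer_is_editview(rec):
    """True if the Referer is the EditView of the same module (assumed legit origin)."""
    ref = rec["referer"]
    if ref in ("", "-"):
        return False
    rq = _query(ref)
    return (rq.get("action") == "EditView"
            and rq.get("module") == rec["query"].get("module"))


def triage(lines):
    """Return (hits, counts).

    hits   - parsed records for ShowDuplicates requests that were either a GET
             (a reload or a typed/crafted URL) or did not originate from the
             module's EditView.
    counts - number of hits per (client ip, module), to spot enumeration.
    """
    hits = []
    counts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_showduplicates(rec):
            continue
        if rec["method"] == "GET" or not referer_is_editview(rec):
            hits.append(rec)
            key = (rec["ip"], rec["query"]["module"])
            counts[key] = counts.get(key, 0) + 1
    return hits, counts


if __name__ == "__main__":
    found, per_source = triage(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} user={h["user"]} {h["method"]} '
              f'module={h["query"]["module"]} referer={h["referer"]}')
    for (ip, module), n in sorted(per_source.items()):
        print(f"{ip} {module}: {n} direct ShowDuplicates request(s)")
```

Run it against the real log with `triage(open(path))`. The Referer heuristic is only as good as the clients that send the header; a GET to ShowDuplicates is the stronger signal, and a burst of them from one user against both modules is the case worth escalating. Patching to 6.1.3 or later is the fix; this script only tells you whether the gap was used before then.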

Vulnerable Systems

Application

  • Sugarcrm 1.0

  • Sugarcrm 1.0f

  • Sugarcrm 1.0g

  • Sugarcrm 1.1

  • Sugarcrm 1.1a

  • Sugarcrm 1.1b

  • Sugarcrm 1.1c

  • Sugarcrm 1.1d

  • Sugarcrm 1.1e

  • Sugarcrm 1.1f

  • Sugarcrm 1.5d

  • Sugarcrm 2.0.1

  • Sugarcrm 2.0.1a

  • Sugarcrm 2.0.1c

  • Sugarcrm 3.0.1

  • Sugarcrm 3.5

  • Sugarcrm 3.5.1

  • Sugarcrm 4.0

  • Sugarcrm 4.0.1

  • Sugarcrm 4.1

  • Sugarcrm 4.2

  • Sugarcrm 4.2.1

  • Sugarcrm 4.5.0

  • Sugarcrm 4.5.0f

  • Sugarcrm 4.5.1

  • Sugarcrm 4.5.1i

  • Sugarcrm 4.5.1o

  • Sugarcrm 5.0.0

  • Sugarcrm 5.0.0h

  • Sugarcrm 5.0.0k

  • Sugarcrm 5.1.0

  • Sugarcrm 5.1.0-beta

  • Sugarcrm 5.1c

  • Sugarcrm 5.1l

  • Sugarcrm 5.2.0g

  • Sugarcrm 5.2a

  • Sugarcrm 5.2c

  • Sugarcrm 5.2d

  • Sugarcrm 5.2e

  • Sugarcrm 5.2f

  • Sugarcrm 5.2g

  • Sugarcrm 5.2h

  • Sugarcrm 5.5

  • Sugarcrm 5.5.0

  • Sugarcrm 5.5.1

  • Sugarcrm 5.5.2

  • Sugarcrm 5.5.3

  • Sugarcrm 5.5.4

  • Sugarcrm 5.5a

  • Sugarcrm 6.0

  • Sugarcrm 6.0.1

  • Sugarcrm 6.0.2

  • Sugarcrm 6.0.3

  • Sugarcrm 6.1.0

  • Sugarcrm 6.1.1

  • Sugarcrm 6.1.2


References

XF - sugarcrm-list-info-disclosure(66110)

VUPEN - ADV-2011-0675

SECTRACK - 1025222

BID - 46885

BUGTRAQ - 20110315 [RT-SA-2011-002] SugarCRM list privilege restriction bypass

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2011-002

SREASON - 8141


Last Updated: 27 May 2016 10:56:02