Strix
26.1K

CVE-2011-0745

UnknownEPSS 6.26%

Last modified

CVE-2011-0745 is a vulnerability of currently unknown severity. SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.. EPSS estimates a 6.26% chance of exploitation in the next 30 days.

Description

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.

Metrics

EPSS Probability
6.26%

92.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
SugarcrmSugarcrm<= 6.1.2
SugarcrmSugarcrm1.0
SugarcrmSugarcrm1.0f
SugarcrmSugarcrm1.0g
SugarcrmSugarcrm1.1
SugarcrmSugarcrm1.1a
SugarcrmSugarcrm1.1b
SugarcrmSugarcrm1.1c
SugarcrmSugarcrm1.1d
SugarcrmSugarcrm1.1e
SugarcrmSugarcrm1.1f
SugarcrmSugarcrm1.5d
SugarcrmSugarcrm2.0.1
SugarcrmSugarcrm2.0.1a
SugarcrmSugarcrm2.0.1c
SugarcrmSugarcrm3.0.1
SugarcrmSugarcrm3.5
SugarcrmSugarcrm3.5.1
SugarcrmSugarcrm4.0
SugarcrmSugarcrm4.0.1
SugarcrmSugarcrm4.1
SugarcrmSugarcrm4.2
SugarcrmSugarcrm4.2.1
SugarcrmSugarcrm4.5.0
SugarcrmSugarcrm4.5.0f
SugarcrmSugarcrm4.5.1
SugarcrmSugarcrm4.5.1i
SugarcrmSugarcrm4.5.1o
SugarcrmSugarcrm5.0.0
SugarcrmSugarcrm5.0.0h
SugarcrmSugarcrm5.0.0k
SugarcrmSugarcrm5.1.0
SugarcrmSugarcrm5.1.0-beta
SugarcrmSugarcrm5.1c
SugarcrmSugarcrm5.1l
SugarcrmSugarcrm5.2.0g
SugarcrmSugarcrm5.2a
SugarcrmSugarcrm5.2c
SugarcrmSugarcrm5.2d
SugarcrmSugarcrm5.2e
SugarcrmSugarcrm5.2f
SugarcrmSugarcrm5.2g
SugarcrmSugarcrm5.2h
SugarcrmSugarcrm5.5Beta1
SugarcrmSugarcrm5.5.0
SugarcrmSugarcrm5.5.1
SugarcrmSugarcrm5.5.2
SugarcrmSugarcrm5.5.3
SugarcrmSugarcrm5.5.4
SugarcrmSugarcrm5.5a

Showing 50 of 56 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-0745?
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
How severe is CVE-2011-0745?
Severity scoring for CVE-2011-0745 is pending analysis. The EPSS model estimates a 6.26% probability of exploitation in the next 30 days.
How do I fix CVE-2011-0745?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-0745?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST