CVE-2023-6388

Exploit

EPSS 0.05%
Veröffentlicht 07.02.2024 03:15:49
Zuletzt bearbeitet 29.09.2025 18:15:29
Quelle help@fluidattacks.com
CVE-Watchlists
Login
Unerledigt
Login

Suite CRM version 7.14.2 allows making arbitrary HTTP requests through

the vulnerable server. This is possible because the application is vulnerable

to SSRF.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Salesagility ≫ Suite CRM Version7.14.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.169

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
help@fluidattacks.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://fluidattacks.com/advisories/leon/

Third Party Advisory

Exploit

https://github.com/salesagility/SuiteCRM/

Product

https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_4

https://nvd.nist.gov/vuln/detail/CVE-2023-6388

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6388

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6388

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-6388