CVE-2023-47643

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 21, 2023
Updated: Nov 29, 2023
CWE ID 200

Summary

CVE-2023-47643 is a vulnerability affecting SuiteCRM, a Customer Relationship Management (CRM) software application. Before version 8.4.2, the software failed to secure Graphql Introspection, leaving it accessible without authentication. This oversight exposed the entire schema of the API, providing attackers with insight into all object types, arguments, and functions. Sensitive information, including UserHash, could be obtained through this unprotected access. Version 8.4.2 is the patched release, with no known workarounds for older versions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • SuiteCRM

Affected Vendors

  • SalesAgility Ltd.