CVE-2014-3244

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Published: Feb 1, 2018
Updated: Apr 13, 2023
CVE: CVE-2014-3244
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
sugarcrm / sugarcrm	-	6.5.16

http://seclists.org/fulldisclosure/2014/Jun/92
http://www.securityfocus.com/bid/68102
https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294

Vulnerability Database

CVE-2014-3244