[CVEID]
CVE-2021-41869
[PRODUCT]
SuiteCRM
[VERSION]
before 7.10.33 and 7.11.22
[PROBLEM TYPE]
Incorrect Access Control
[DESCRIPTION]
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation from Regular User to System Administrator User.
Timeline:
- Reported 4.09.2021
- Acknowledged 6.09.2021
- Validated 8.09.2021 (severity='Critical', impact='Important')
- Fixed 24.09.2021