CVE-2023-47643

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 21, 2023

Updated: Nov 29, 2023

CWE ID 200

Summary

CVE-2023-47643 is a vulnerability affecting SuiteCRM, a Customer Relationship Management (CRM) software application. Before version 8.4.2, the software failed to secure Graphql Introspection, leaving it accessible without authentication. This oversight exposed the entire schema of the API, providing attackers with insight into all object types, arguments, and functions. Sensitive information, including UserHash, could be obtained through this unprotected access. Version 8.4.2 is the patched release, with no known workarounds for older versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SuiteCRM

Affected Vendors

SalesAgility Ltd.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tT7Jey
https://www.cve.org/CVERecord?id=CVE-2023-47643
https://nvd.nist.gov/vuln/detail/CVE-2023-47643

Back to Vulnerability Database