{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "SugarCRM ist ein Enterprise CRM Produkt für Vertriebs-, Marketing- und Serviceteams über den gesamten Kundenlebenszyklus.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in SugarCRM Sugar Enterprise ausnutzen, um einen Cross Site Scripting oder einen SQL Injection Angriff durchzuführen, Daten zu manipulieren oder Code auszuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- UNIX\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2024-0746 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0746.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2024-0746 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0746"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-001/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-002/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-003/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-004/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-005/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-006/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-007/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-008/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-009/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-010/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-011/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-012/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-013/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-014/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-015/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-016/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-017/"
    }, {
      "category" : "external",
      "summary" : "SugarCRM Security Advisory vom 2024-03-27",
      "url" : "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2024-018/"
    } ],
    "source_lang" : "en-US",
    "title" : "SugarCRM Sugar Enterprise: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2024-11-27T23:00:00.000+00:00",
      "generator" : {
        "date" : "2024-11-28T11:39:16.821+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.8"
        }
      },
      "id" : "WID-SEC-W-2024-0746",
      "initial_release_date" : "2024-03-27T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2024-03-27T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2024-11-27T23:00:00.000+00:00",
        "number" : "2",
        "summary" : "Produktzuordnung überprüft"
      } ],
      "status" : "final",
      "version" : "2"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<13.0.3",
          "product" : {
            "name" : "SugarCRM Sugar Enterprise <13.0.3",
            "product_id" : "T033775"
          }
        }, {
          "category" : "product_version",
          "name" : "13.0.3",
          "product" : {
            "name" : "SugarCRM Sugar Enterprise 13.0.3",
            "product_id" : "T033775-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:sugarcrm:sugarcrm:13.0.3"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<12.0.5",
          "product" : {
            "name" : "SugarCRM Sugar Enterprise <12.0.5",
            "product_id" : "T033776"
          }
        }, {
          "category" : "product_version",
          "name" : "12.0.5",
          "product" : {
            "name" : "SugarCRM Sugar Enterprise 12.0.5",
            "product_id" : "T033776-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:sugarcrm:sugarcrm:12.0.5"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Sugar Enterprise"
      } ],
      "category" : "vendor",
      "name" : "SugarCRM"
    } ]
  },
  "vulnerabilities" : [ {
    "notes" : [ {
      "category" : "description",
      "text" : "In SugarCRM Sugar Enterprise existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder einen SQL Injection Angriff durchzuführen, Daten zu manipulieren oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Interaktion des Nutzers nötig."
    } ],
    "product_status" : {
      "known_affected" : [ "T033776", "T033775" ]
    },
    "release_date" : "2024-03-27T23:00:00.000+00:00"
  } ]
}