Vulnerabilities query

Hi all,

I’m in the process of deploying SuiteCRM 7.10.4.

As part of the installation I’ve run routine security testing using OpenVAS, which has flagged a number of vulnerabilities; as they pertain to SugarCRM I just wanted to confirm whether or not they also apply to SuiteCRM…

sugarcrm-sa-2017-004
sugarcrm-sa-2017-005

These relate to…

  • Authenticated users may cause arbitrary code to be executed.

  • Custom code may execute an eval through a deprecated function.

In addition there’s a warning for a CVE-2018-6308 - SQL injection.

I couldn’t see in the release notes acknowledgement of these issues and whether they were fixed.

Could somebody please confirm?

Thanks

Urbanite

Good Morning!

With regard to specific SugarCRM issues that were released in 6.5.26, these were addressed differently in the SuiteCRM project prior to their release, hence why we don’t link them up directly with our Release Notes.

With regard to other security issues, these are currently being addressed and should be in releases soon. If you wish to discuss further with other Security fixes/queries please feel free to contact our Security team on security@suitecrm.com.

Thanks Samus; I’ll clarify this with security!