CVE Vulnerabilities

CVE-2024-36416

Logging of Excessive Data

Published: Jun 10, 2024 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Weakness

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

Affected Software

Name Vendor Start Version End Version
Suitecrm Salesagility * 7.14.4 (excluding)
Suitecrm Salesagility 8.0.0 (including) 8.6.1 (excluding)

Potential Mitigations

References