CVE-2014-3244: XEE
First published: Thu Feb 01 2018(Updated: )
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | <6.5.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3244?
The severity of CVE-2014-3244 is critical with a score of 9.8.
How does the XML external entity (XXE) vulnerability in SugarCRM before 6.5.17 work?
The vulnerability allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Which version of SugarCRM is affected by CVE-2014-3244?
SugarCRM before version 6.5.17 is affected by CVE-2014-3244.
How can I fix the XML external entity (XXE) vulnerability in SugarCRM?
To fix the vulnerability, you need to upgrade SugarCRM to version 6.5.17 or later.
Where can I find more information about CVE-2014-3244?
You can find more information about CVE-2014-3244 at the following references: [1](http://seclists.org/fulldisclosure/2014/Jun/92), [2](http://www.securityfocus.com/bid/68102), [3](https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294).
- collector/nvd-index
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/references
- agent/tags
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm