Several Bugs Found in 3 Open-Source Software Used by Several Businesses

business software vulnerability

Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks.

All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sędkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project.

Stack Overflow Teams

EspoCRM is an open-source customer relationship management (CRM) application, while Pimcore is an open-source enterprise software platform for customer data management, digital asset management, content management, and digital commerce. Akaunting, on the other hand, is an open-source and online accounting software designed for invoice and expense tracking.

The list of issues is as follows –

  • CVE-2021-3539 (CVSS score: 6.3) – Persistent XSS flaw in EspoCRM v6.1.6
  • CVE-2021-31867 (CVSS score: 6.5) – SQL injection in Pimcore Customer Data…

Have a comment? Type it below!