CVE-2023-3627

8.8 HIGH

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in SuiteCRM Core: state-changing requests are accepted without a per-session anti-CSRF token, so an attacker-controlled page or e-mail can make a logged-in user's browser submit them on the user's behalf. Attackers can use this to modify data, change settings, or perform actions with the victim's privileges. Every deployment running an affected version is exposed; the victim must be logged in, the attacker need not be.

💻 Affected Systems

Products:
  • SuiteCRM Core
Versions: All versions prior to 8.3.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of SuiteCRM Core before the patched version.

📦 What is this software?

SuiteCRM Core is the open-source customer relationship management application maintained by SalesAgility; the suitecrm-core repository holds the SuiteCRM 8 code base. Its web interface is used by staff to manage customer, sales and support records, which is the data a forged request would act on.

⚠️ Risk & Real-World Impact

🔴 Worst Case

If the forged request runs in an administrator's session, the attacker can change security-relevant settings or create and elevate accounts, and from there compromise the data held in the CRM.

🟠 Likely Case

Attackers could modify user accounts, change configurations, or manipulate business data through forged requests executed by a logged-in user who opens an attacker-controlled page.

🟢 If Mitigated

With per-request CSRF tokens (or SameSite session cookies) in place and users who do not browse untrusted content while logged in, a forged request is rejected and no state changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No (the attacker needs no SuiteCRM credentials, but the forged request only succeeds when a victim's browser that is logged in executes it)
Complexity: LOW

CSRF attacks are well understood and easy to weaponize: the attacker hosts a page or e-mail that auto-submits a form to the CRM, so exploitation requires a logged-in victim to open it but no technical complexity beyond that.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.3.1

Fix Commit: https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3

Restart Required: No

Instructions:

1. Back up the SuiteCRM files and database.
2. Update to version 8.3.1 or later via the SuiteCRM update mechanism.
3. Verify the update completed successfully and that the reported version is 8.3.1 or later.

🔧 Temporary Workarounds

Implement CSRF Tokens (all platforms)

Add a per-session anti-CSRF token to every state-changing form and validate it server-side before the request is processed. This is what the upstream fix does, so doing it by hand means carrying a local patch of the application until you can upgrade; it is not a configuration change.

SameSite Cookie Attribute (all platforms)

Configure session cookies with SameSite=Strict (or at least Lax, which still blocks cross-site form POSTs while letting top-level link navigation keep the session) so that browsers do not attach the session cookie to cross-site form submissions:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly

Caveat: SameSite is enforced by the browser, so it does not protect users on browsers that ignore the attribute, and with Strict a user who follows a link to SuiteCRM from e-mail or another site arrives without the session cookie and lands on the login page.

🧯 If You Can't Patch

  • Enforce an Origin/Referer check at the reverse proxy or WAF: reject POST, PUT and DELETE requests to SuiteCRM whose Origin header (or Referer, when Origin is absent) is not your CRM's own origin. A forged request is otherwise indistinguishable from a legitimate one, so there is no generic "CSRF pattern" signature to match.
  • Tell users to log out when they are finished and not to open untrusted links while logged in, and shorten the session lifetime so an idle session cannot be ridden hours later.
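The two server-side checks the workarounds above describe, as an added stand-alone example that is not SuiteCRM's own code (SuiteCRM is PHP; this is a Python model of the logic): a session-bound anti-CSRF token issued and verified with an HMAC, and an Origin/Referer check that a reverse proxy or the application can apply to state-changing requests. SITE_ORIGIN, the session identifiers, the header dictionary shape and the form field name csrf_token are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the SuiteCRM deployment (hypothetical hostname).
SITE_ORIGIN = "https://crm.example.com"
# Server-side key for the token MAC. Generated per process here; in a real
# deployment load it from configuration so every worker shares the same key.
SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer-style token bound to the session: random nonce plus an
    HMAC over (session_id, nonce). Nothing has to be stored server-side."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time.
    A token from another session, a tampered token or no token all fail."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def _origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def is_same_site_request(headers: dict) -> bool:
    """Origin check with Referer as fallback. Browsers send Origin on every
    cross-site POST, so a state-changing request carrying neither header is
    rejected rather than waved through."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin.lower() == SITE_ORIGIN
    referer = headers.get("Referer")
    if referer:
        return _origin_of(referer) == SITE_ORIGIN
    return False


def accept_state_change(session_id: str, headers: dict, form: dict) -> bool:
    """Both checks must pass before a state-changing request is processed."""
    return is_same_site_request(headers) and verify_csrf_token(
        session_id, form.get("csrf_token", "")
    )


if __name__ == "__main__":
    sid = "sess-1"
    tok = issue_csrf_token(sid)
    legit = {"Origin": SITE_ORIGIN}
    forged = {"Origin": "https://evil.example"}
    print("legitimate:", accept_state_change(sid, legit, {"csrf_token": tok}))
    print("forged page:", accept_state_change(sid, forged, {"csrf_token": tok}))
    print("no token:", accept_state_change(sid, legit, {}))
```

The Origin check on its own already defeats the attack described in this CVE, which is why it is the cheapest proxy-level stopgap; the token is what the upstream fix adds and is the durable control, because Referer may be stripped by privacy settings and SameSite (set for PHP with session.cookie_samesite, or explicitly on the cookie as shown above) depends on the browser.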

🔍 How to Verify

Check if Vulnerable:

Check the SuiteCRM version in the admin panel (Admin > System Settings > System Information). 'php -v' only reports the PHP interpreter version and says nothing about SuiteCRM; with CLI access, read the version from the suitecrm_version.php file shipped in the installation (under public/legacy/ in SuiteCRM 8) instead.

Check Version:

Check Admin > System Settings > System Information in SuiteCRM web interface

Verify Fix Applied:

Verify the reported version is 8.3.1 or later, then confirm the protection actually works: log in, capture a state-changing form submission, replay it without the anti-CSRF token (or from a page hosted on another origin) and check that the server rejects it instead of applying the change.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to state-changing SuiteCRM endpoints whose Referer header is absent or points at a site other than your CRM
  • The same state-changing POST arriving from several distinct user sessions within a short window (victims opening the same lure page)
  • After patching only: requests rejected for a missing or invalid CSRF token; the unpatched version performs no such check, so it logs nothing of the kind

Network Indicators:

  • Origin or Referer headers on POST requests that name a domain you do not own
  • State-changing requests to the CRM immediately following a user's visit to an unrelated external site

SIEM Query:

Web-server access logs do not record POST bodies, so searching them for a csrf_token field finds nothing whether or not an attack happened. Query on the headers that are logged instead; the combined log format includes Referer (Splunk-style syntax, CRM hostname assumed):

source="access_combined" method="POST" NOT referer="https://crm.example.com/*"

This also matches POSTs with no Referer at all ("-"); tune out known integrations and API clients that legitimately POST without one before alerting on that case.
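To make the indicators above concrete, here is an added Python example (not part of the advisory or of SuiteCRM) that scans web-server access-log lines in the common Apache/nginx "combined" format and flags POST requests whose Referer is absent or belongs to another site, which is the same logic as the query above run offline. The log lines are constructed for the example, the request paths are illustrative rather than taken from the advisory, and crm.example.com stands in for your own CRM hostname.

```python
import re
from urllib.parse import urlsplit

# Origin of your own SuiteCRM deployment (assumed value for the example).
SITE_ORIGIN = "https://crm.example.com"

# Apache/nginx "combined" access-log line; the second quoted field after the
# status and size is the Referer, logged as "-" when the header was absent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not real traffic); paths are illustrative only.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2023:12:00:01 +0000] "POST /legacy/index.php?module=Users&action=Save HTTP/1.1" 302 0 "https://evil.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jul/2023:12:00:02 +0000] "POST /legacy/index.php?module=Users&action=Save HTTP/1.1" 302 0 "https://crm.example.com/legacy/index.php?module=Users&action=EditView" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jul/2023:12:00:03 +0000] "GET /legacy/index.php?module=Home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jul/2023:12:00:04 +0000] "POST /legacy/index.php?module=Users&action=Save HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def referer_origin(referer: str) -> str:
    """scheme://host[:port] of a Referer value, or "" when the header was absent."""
    if referer in ("", "-"):
        return ""
    p = urlsplit(referer)
    return f"{p.scheme}://{p.netloc}".lower()


def find_suspicious_posts(lines):
    """One finding per POST whose Referer is missing or from another origin.
    A cross-site Referer is the strong signal; a missing one is weaker, since
    privacy extensions and Referrer-Policy also strip the header."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production job would count these
        rec = m.groupdict()
        if rec["method"] != "POST":
            continue
        origin = referer_origin(rec["referer"])
        if not origin:
            reason = "missing_referer"
        elif origin != SITE_ORIGIN:
            reason = "cross_site_referer"
        else:
            continue
        findings.append({
            "ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
            "referer": rec["referer"], "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_posts(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['reason']} {f['path']} referer={f['referer']}")
```

The combined format does not log the Origin header; if your reverse proxy can add it to the log format (nginx exposes it as $http_origin), key the cross-site test on Origin first and fall back to Referer, since Origin is sent on every cross-site POST regardless of referrer policy.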
