Lucene search

[email protected]CVE-2007-3600

HistoryJul 06, 2007 - 7:30 p.m.

CVE-2007-3600

2007-07-0619:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

3600

wordplugin

vtiger crm

security bypass

field level security

email template

7.3 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.6%

JSON

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmle5.0.2

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	le	5.0.2

References

osvdb.org/45784

trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845

trac.vtiger.com/cgi-bin/trac.cgi/report/9

trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790

7.3 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2007-3600

prion1