Lucene search

[email protected]CVE-2007-3602

HistoryJul 06, 2007 - 7:30 p.m.

CVE-2007-3602

2007-07-0619:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

vtiger crm

soap

webservice

security

cve-2007-3602

nvd

7 High

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.0%

JSON

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmle5.0.2

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	le	5.0.2

References

forums.vtiger.com/viewtopic.php?p=44233

trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245

trac.vtiger.com/cgi-bin/trac.cgi/report/9

trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084

7 High

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.0%

JSON

Related for CVE-2007-3602

cvelist1 prion1