Lucene search

[email protected]CVE-2009-3251

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-3251

2022-10-0316:23:54

CWE-264

[email protected]

web.nvd.nist.gov

vtiger crm

vulnerability

listviewutils.php

cve-2009-3251

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

JSON

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.

Affected configurations

NVD

Node

vtigervtiger_crmRange≤5.1.0

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmle5.1.0

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	le	5.1.0

References

secunia.com/advisories/36309

trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407

trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208

www.osvdb.org/57241

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for CVE-2009-3251

cvelist1 prion1 nvd1