Lucene search

[email protected]CVE-2011-4679

HistoryDec 07, 2011 - 7:55 p.m.

CVE-2011-4679

2011-12-0719:55:00

CWE-264

[email protected]

web.nvd.nist.gov

vtiger

crm

security

access restrictions

bypass

cve-2011-4679

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.7%

JSON

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmlt5.3.0

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	lt	5.3.0

References

trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003

trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004

wiki.vtiger.com/index.php/Oct2011:ODUpdate

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for CVE-2011-4679

prion1 cvelist1