CVE-2007-3617

The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/45804
http://trac.vtiger.com/cgi-bin/trac.cgi/report/9	Patch
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692
http://osvdb.org/45804
http://trac.vtiger.com/cgi-bin/trac.cgi/report/9	Patch
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692

Configurations

Configuration 1 (hide)

cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:33

Type	Values Removed	Values Added
References	~~() http://osvdb.org/45804 -~~	() http://osvdb.org/45804 -
References	~~() http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 - Patch~~	() http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 - Patch
References	~~() http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692 -~~	() http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692 -

Information

Published : 2007-07-06 19:30

Updated : 2025-04-09 00:30

NVD link : CVE-2007-3617

Mitre link : CVE-2007-3617

CVE.ORG link : CVE-2007-3617

JSON object : View

Products Affected

vtiger

vtiger_crm

CWE

NVD-CWE-Other

{"id": "CVE-2007-3617", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-06T19:30:00.000", "references": [{"url": "http://osvdb.org/45804", "source": "cve@mitre.org"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/45804", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries."}, {"lang": "es", "value": "El m\u00f3dulo informe en vtiger CRM versiones anteriores a 5.0.3 no aplica apropiadamente las reglas de seguridad, lo cual permite a usuarios remotos autenticados leer entradas de m\u00f3dulo privadas de su elecci\u00f3n."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E8668A7-60BA-45AA-A159-26890ADB6A0A", "versionEndIncluding": "5.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.0 /10