ID

VAR-200707-0373


CVE

CVE-2007-3598


TITLE

index.php of vtiger CRM Vulnerabilities in which all user names are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2007-005817

DESCRIPTION

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability

Trust: 1.98

sources: NVD: CVE-2007-3598 // JVNDB: JVNDB-2007-005817 // BID: 85646 // VULHUB: VHN-26960

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:lteversion:5.0.2

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.0.2

Trust: 0.9

vendor:vtigermodel:crmscope:ltversion:5.0.3

Trust: 0.8

sources: BID: 85646 // JVNDB: JVNDB-2007-005817 // CNNVD: CNNVD-200707-098 // NVD: CVE-2007-3598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3598
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3598
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-098
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3598
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26960
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26960 // JVNDB: JVNDB-2007-005817 // CNNVD: CNNVD-200707-098 // NVD: CVE-2007-3598

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-098

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005817

PATCH

title:2985url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985

Trust: 0.8

sources: JVNDB: JVNDB-2007-005817

EXTERNAL IDS

db:NVDid:CVE-2007-3598

Trust: 2.8

db:JVNDBid:JVNDB-2007-005817

Trust: 0.8

db:CNNVDid:CNNVD-200707-098

Trust: 0.6

db:BIDid:85646

Trust: 0.4

db:VULHUBid:VHN-26960

Trust: 0.1

sources: VULHUB: VHN-26960 // BID: 85646 // JVNDB: JVNDB-2007-005817 // CNNVD: CNNVD-200707-098 // NVD: CVE-2007-3598

REFERENCES

url:http://trac.vtiger.com/cgi-bin/trac.cgi/report/9

Trust: 2.0

url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2664

Trust: 2.0

url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985

Trust: 2.0

url:http://forums.vtiger.com/viewtopic.php?p=38609

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3598

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3598

Trust: 0.8

sources: VULHUB: VHN-26960 // BID: 85646 // JVNDB: JVNDB-2007-005817 // CNNVD: CNNVD-200707-098 // NVD: CVE-2007-3598

CREDITS

Unknown

Trust: 0.3

sources: BID: 85646

SOURCES

db:VULHUBid:VHN-26960
db:BIDid:85646
db:JVNDBid:JVNDB-2007-005817
db:CNNVDid:CNNVD-200707-098
db:NVDid:CVE-2007-3598

LAST UPDATE DATE

2025-04-10T23:18:09.086000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-26960date:2008-09-05T00:00:00
db:BIDid:85646date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005817date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-098date:2007-07-12T00:00:00
db:NVDid:CVE-2007-3598date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-26960date:2007-07-06T00:00:00
db:BIDid:85646date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005817date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-098date:2007-07-06T00:00:00
db:NVDid:CVE-2007-3598date:2007-07-06T19:30:00