Details of VAR-200707-0375

ID

VAR-200707-0375

CVE

CVE-2007-3600

TITLE

vtiger CRM of wordintegration Vulnerabilities that prevent field-level security permissions in components

Trust: 0.8

sources: JVNDB: JVNDB-2007-005819

DESCRIPTION

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. vtiger CRM is prone to a remote security vulnerability

Trust: 2.07

sources: NVD: CVE-2007-3600 // JVNDB: JVNDB-2007-005819 // BID: 85632 // VULHUB: VHN-26962 // VULMON: CVE-2007-3600

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	lte	version:	5.0.2	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.2	Trust: 0.9
vendor:	vtiger	model:	crm	scope:	lt	version:	5.0.3	Trust: 0.8

sources: BID: 85632 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3600
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-3600
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200707-099
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-26962
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-3600
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-3600
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-26962
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26962 // VULMON: CVE-2007-3600 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-099

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005819

PATCH

title:

3790

url:

http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790

Trust: 0.8

sources: JVNDB: JVNDB-2007-005819

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3600	Trust: 2.9
db:	OSVDB	id:	45784	Trust: 1.8
db:	JVNDB	id:	JVNDB-2007-005819	Trust: 0.8
db:	CNNVD	id:	CNNVD-200707-099	Trust: 0.6
db:	BID	id:	85632	Trust: 0.5
db:	VULHUB	id:	VHN-26962	Trust: 0.1
db:	VULMON	id:	CVE-2007-3600	Trust: 0.1

sources: VULHUB: VHN-26962 // VULMON: CVE-2007-3600 // BID: 85632 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

REFERENCES

url:	http://trac.vtiger.com/cgi-bin/trac.cgi/report/9	Trust: 2.1
url:	http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790	Trust: 2.1
url:	http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845	Trust: 2.1
url:	http://osvdb.org/45784	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3600	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3600	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/85632	Trust: 0.1

sources: VULHUB: VHN-26962 // VULMON: CVE-2007-3600 // BID: 85632 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

CREDITS

Unknown

Trust: 0.3

sources: BID: 85632

SOURCES

db:	VULHUB	id:	VHN-26962
db:	VULMON	id:	CVE-2007-3600
db:	BID	id:	85632
db:	JVNDB	id:	JVNDB-2007-005819
db:	CNNVD	id:	CNNVD-200707-099
db:	NVD	id:	CVE-2007-3600

LAST UPDATE DATE

2025-04-10T23:21:45.245000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26962	date:	2008-11-15T00:00:00
db:	VULMON	id:	CVE-2007-3600	date:	2008-11-15T00:00:00
db:	BID	id:	85632	date:	2007-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2007-005819	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200707-099	date:	2007-07-12T00:00:00
db:	NVD	id:	CVE-2007-3600	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26962	date:	2007-07-06T00:00:00
db:	VULMON	id:	CVE-2007-3600	date:	2007-07-06T00:00:00
db:	BID	id:	85632	date:	2007-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2007-005819	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200707-099	date:	2007-07-06T00:00:00
db:	NVD	id:	CVE-2007-3600	date:	2007-07-06T19:30:00