ID

VAR-200707-0375


CVE

CVE-2007-3600


TITLE

Vulnerability in the wordintegration component of vtiger CRM that allows field-level security permissions to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2007-005819

DESCRIPTION

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. vtiger CRM is prone to a remote security vulnerability.

Trust: 2.07

sources: NVD: CVE-2007-3600 // JVNDB: JVNDB-2007-005819 // BID: 85632 // VULHUB: VHN-26962 // VULMON: CVE-2007-3600

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: lte, version: 5.0.2

Trust: 1.0

vendor: vtiger, model: crm, scope: eq, version: 5.0.2

Trust: 0.9

vendor: vtiger, model: crm, scope: lt, version: 5.0.3

Trust: 0.8

sources: BID: 85632 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3600
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3600
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-099
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26962
value: MEDIUM

Trust: 0.1

VULMON: CVE-2007-3600
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3600
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-26962
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26962 // VULMON: CVE-2007-3600 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-099

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005819

PATCH

title: 3790, url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790

Trust: 0.8

sources: JVNDB: JVNDB-2007-005819

EXTERNAL IDS

db: NVD, id: CVE-2007-3600

Trust: 2.9

db: OSVDB, id: 45784

Trust: 1.8

db: JVNDB, id: JVNDB-2007-005819

Trust: 0.8

db: CNNVD, id: CNNVD-200707-099

Trust: 0.6

db: BID, id: 85632

Trust: 0.5

db: VULHUB, id: VHN-26962

Trust: 0.1

db: VULMON, id: CVE-2007-3600

Trust: 0.1

sources: VULHUB: VHN-26962 // VULMON: CVE-2007-3600 // BID: 85632 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

REFERENCES

url:http://trac.vtiger.com/cgi-bin/trac.cgi/report/9

Trust: 2.1

url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790

Trust: 2.1

url:http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845

Trust: 2.1

url:http://osvdb.org/45784

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3600

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3600

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/85632

Trust: 0.1

sources: VULHUB: VHN-26962 // VULMON: CVE-2007-3600 // BID: 85632 // JVNDB: JVNDB-2007-005819 // CNNVD: CNNVD-200707-099 // NVD: CVE-2007-3600

CREDITS

Unknown

Trust: 0.3

sources: BID: 85632

SOURCES

db: VULHUB, id: VHN-26962
db: VULMON, id: CVE-2007-3600
db: BID, id: 85632
db: JVNDB, id: JVNDB-2007-005819
db: CNNVD, id: CNNVD-200707-099
db: NVD, id: CVE-2007-3600

LAST UPDATE DATE

2025-04-10T23:21:45.245000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26962, date: 2008-11-15T00:00:00
db: VULMON, id: CVE-2007-3600, date: 2008-11-15T00:00:00
db: BID, id: 85632, date: 2007-07-06T00:00:00
db: JVNDB, id: JVNDB-2007-005819, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200707-099, date: 2007-07-12T00:00:00
db: NVD, id: CVE-2007-3600, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26962, date: 2007-07-06T00:00:00
db: VULMON, id: CVE-2007-3600, date: 2007-07-06T00:00:00
db: BID, id: 85632, date: 2007-07-06T00:00:00
db: JVNDB, id: JVNDB-2007-005819, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200707-099, date: 2007-07-06T00:00:00
db: NVD, id: CVE-2007-3600, date: 2007-07-06T19:30:00