ID

VAR-200707-0377


CVE

CVE-2007-3602


TITLE

Data access vulnerability in the SOAP web service of vtiger CRM

Trust: 0.8

sources: JVNDB: JVNDB-2007-005821

DESCRIPTION

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. vtiger CRM is prone to a remote security vulnerability.

Trust: 1.98

sources: NVD: CVE-2007-3602 // JVNDB: JVNDB-2007-005821 // BID: 85621 // VULHUB: VHN-26964

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: lte, version: 5.0.2

Trust: 1.0

vendor: vtiger, model: crm, scope: eq, version: 5.0.2

Trust: 0.9

vendor: vtiger, model: crm, scope: lt, version: 5.0.3

Trust: 0.8

sources: BID: 85621 // JVNDB: JVNDB-2007-005821 // CNNVD: CNNVD-200707-106 // NVD: CVE-2007-3602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3602
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3602
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-106
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26964
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3602
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26964
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26964 // JVNDB: JVNDB-2007-005821 // CNNVD: CNNVD-200707-106 // NVD: CVE-2007-3602

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-106

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-106

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005821

PATCH

title: 3084, url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084

Trust: 0.8

sources: JVNDB: JVNDB-2007-005821

EXTERNAL IDS

db: NVD, id: CVE-2007-3602

Trust: 2.8

db: JVNDB, id: JVNDB-2007-005821

Trust: 0.8

db: CNNVD, id: CNNVD-200707-106

Trust: 0.7

db: BID, id: 85621

Trust: 0.4

db: VULHUB, id: VHN-26964

Trust: 0.1

sources: VULHUB: VHN-26964 // BID: 85621 // JVNDB: JVNDB-2007-005821 // CNNVD: CNNVD-200707-106 // NVD: CVE-2007-3602

REFERENCES

url: http://trac.vtiger.com/cgi-bin/trac.cgi/report/9

Trust: 2.0

url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084

Trust: 2.0

url: http://forums.vtiger.com/viewtopic.php?p=44233

Trust: 2.0

url: http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3602

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3602

Trust: 0.8

sources: VULHUB: VHN-26964 // BID: 85621 // JVNDB: JVNDB-2007-005821 // CNNVD: CNNVD-200707-106 // NVD: CVE-2007-3602

CREDITS

Unknown

Trust: 0.3

sources: BID: 85621

SOURCES

db: VULHUB, id: VHN-26964
db: BID, id: 85621
db: JVNDB, id: JVNDB-2007-005821
db: CNNVD, id: CNNVD-200707-106
db: NVD, id: CVE-2007-3602

LAST UPDATE DATE

2025-04-10T23:05:35.670000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26964, date: 2008-09-05T00:00:00
db: BID, id: 85621, date: 2007-07-06T00:00:00
db: JVNDB, id: JVNDB-2007-005821, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200707-106, date: 2007-07-12T00:00:00
db: NVD, id: CVE-2007-3602, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26964, date: 2007-07-06T00:00:00
db: BID, id: 85621, date: 2007-07-06T00:00:00
db: JVNDB, id: JVNDB-2007-005821, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200707-106, date: 2007-07-06T00:00:00
db: NVD, id: CVE-2007-3602, date: 2007-07-06T19:30:00