Sign-up

ID

VAR-200707-0379


CVE

CVE-2007-3604


TITLE

vtiger CRM Vulnerable to data restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2007-005823

DESCRIPTION

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. vtiger CRM is prone to a remote security vulnerability

Trust: 1.98

sources: NVD: CVE-2007-3604 // JVNDB: JVNDB-2007-005823 // BID: 85626 // VULHUB: VHN-26966

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:lteversion:5.0.2

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.0.2

Trust: 0.9

vendor:vtigermodel:crmscope:ltversion:5.0.3

Trust: 0.8

sources: BID: 85626 // JVNDB: JVNDB-2007-005823 // CNNVD: CNNVD-200707-117 // NVD: CVE-2007-3604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3604
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3604
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-117
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26966
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3604
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26966
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26966 // JVNDB: JVNDB-2007-005823 // CNNVD: CNNVD-200707-117 // NVD: CVE-2007-3604

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-117

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-117

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-005823

PATCH
title:3196url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-005823

EXTERNAL IDS
db:NVDid:CVE-2007-3604
Trust: 2.8
db:OSVDBid:45783
Trust: 1.7
db:JVNDBid:JVNDB-2007-005823
Trust: 0.8
db:CNNVDid:CNNVD-200707-117
Trust: 0.7
db:BIDid:85626
Trust: 0.4
db:VULHUBid:VHN-26966
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26966 // 
            
            
            
            BID: 85626 // 
            
            
            
            JVNDB: JVNDB-2007-005823 // 
            
            
            
            CNNVD: CNNVD-200707-117 // 
            
            
            
            NVD: CVE-2007-3604

REFERENCES
url:http://forums.vtiger.com/viewtopic.php?p=44717
Trust: 2.0
url:http://trac.vtiger.com/cgi-bin/trac.cgi/report/9
Trust: 2.0
url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196
Trust: 2.0
url:http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423
Trust: 2.0
url:http://osvdb.org/45783
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3604
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3604
Trust: 0.8
sources:
            
            
            VULHUB: VHN-26966 // 
            
            
            
            BID: 85626 // 
            
            
            
            JVNDB: JVNDB-2007-005823 // 
            
            
            
            CNNVD: CNNVD-200707-117 // 
            
            
            
            NVD: CVE-2007-3604

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 85626

SOURCES
db:VULHUBid:VHN-26966
db:BIDid:85626
db:JVNDBid:JVNDB-2007-005823
db:CNNVDid:CNNVD-200707-117
db:NVDid:CVE-2007-3604

LAST UPDATE DATE
2025-04-10T23:11:36.049000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26966date:2008-11-13T00:00:00
db:BIDid:85626date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005823date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-117date:2007-07-11T00:00:00
db:NVDid:CVE-2007-3604date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-26966date:2007-07-06T00:00:00
db:BIDid:85626date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005823date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-117date:2007-07-06T00:00:00
db:NVDid:CVE-2007-3604date:2007-07-06T19:30:00