ID

VAR-200707-0379


CVE

CVE-2007-3604


TITLE

vtiger CRM vulnerable to data restriction bypass

Trust: 0.8

sources: JVNDB: JVNDB-2007-005823

DESCRIPTION

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. vtiger CRM is prone to a remote security vulnerability.

Trust: 1.98

sources: NVD: CVE-2007-3604 // JVNDB: JVNDB-2007-005823 // BID: 85626 // VULHUB: VHN-26966

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: lte, version: 5.0.2

Trust: 1.0

vendor: vtiger, model: crm, scope: eq, version: 5.0.2

Trust: 0.9

vendor: vtiger, model: crm, scope: lt, version: 5.0.3

Trust: 0.8

sources: BID: 85626 // JVNDB: JVNDB-2007-005823 // CNNVD: CNNVD-200707-117 // NVD: CVE-2007-3604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3604
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3604
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-117
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26966
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3604
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26966
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26966 // JVNDB: JVNDB-2007-005823 // CNNVD: CNNVD-200707-117 // NVD: CVE-2007-3604

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-117

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005823

PATCH

title: 3196, url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196

Trust: 0.8

sources: JVNDB: JVNDB-2007-005823

EXTERNAL IDS

db: NVD, id: CVE-2007-3604

Trust: 2.8

db: OSVDB, id: 45783

Trust: 1.7

db: JVNDB, id: JVNDB-2007-005823

Trust: 0.8

db: CNNVD, id: CNNVD-200707-117

Trust: 0.7

db: BID, id: 85626

Trust: 0.4

db: VULHUB, id: VHN-26966

Trust: 0.1

sources: VULHUB: VHN-26966 // BID: 85626 // JVNDB: JVNDB-2007-005823 // CNNVD: CNNVD-200707-117 // NVD: CVE-2007-3604

REFERENCES

url:http://forums.vtiger.com/viewtopic.php?p=44717

Trust: 2.0

url:http://trac.vtiger.com/cgi-bin/trac.cgi/report/9

Trust: 2.0

url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196

Trust: 2.0

url:http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423

Trust: 2.0

url:http://osvdb.org/45783

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3604

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3604

Trust: 0.8

sources: VULHUB: VHN-26966 // BID: 85626 // JVNDB: JVNDB-2007-005823 // CNNVD: CNNVD-200707-117 // NVD: CVE-2007-3604

CREDITS

Unknown

Trust: 0.3

sources: BID: 85626

SOURCES

db: VULHUB, id: VHN-26966
db: BID, id: 85626
db: JVNDB, id: JVNDB-2007-005823
db: CNNVD, id: CNNVD-200707-117
db: NVD, id: CVE-2007-3604

LAST UPDATE DATE

2025-04-10T23:11:36.049000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26966, date: 2008-11-13T00:00:00
db: BID, id: 85626, date: 2007-07-06T00:00:00
db: JVNDB, id: JVNDB-2007-005823, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200707-117, date: 2007-07-11T00:00:00
db: NVD, id: CVE-2007-3604, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26966, date: 2007-07-06T00:00:00
db: BID, id: 85626, date: 2007-07-06T00:00:00
db: JVNDB, id: JVNDB-2007-005823, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200707-117, date: 2007-07-06T00:00:00
db: NVD, id: CVE-2007-3604, date: 2007-07-06T19:30:00