ID

VAR-200707-0489


CVE

CVE-2007-3617


TITLE

vtiger CRM of report Vulnerability to read arbitrary private module entries in modules

Trust: 0.8

sources: JVNDB: JVNDB-2007-005834

DESCRIPTION

The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. vtiger CRM is prone to a remote security vulnerability

Trust: 1.98

sources: NVD: CVE-2007-3617 // JVNDB: JVNDB-2007-005834 // BID: 85596 // VULHUB: VHN-26979

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:lteversion:5.0.2

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.0.2

Trust: 0.9

vendor:vtigermodel:crmscope:ltversion:5.0.3

Trust: 0.8

sources: BID: 85596 // JVNDB: JVNDB-2007-005834 // CNNVD: CNNVD-200707-093 // NVD: CVE-2007-3617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3617
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3617
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-093
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3617
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26979
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26979 // JVNDB: JVNDB-2007-005834 // CNNVD: CNNVD-200707-093 // NVD: CVE-2007-3617

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-093

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005834

PATCH

title:2692url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692

Trust: 0.8

sources: JVNDB: JVNDB-2007-005834

EXTERNAL IDS

db:NVDid:CVE-2007-3617

Trust: 2.8

db:OSVDBid:45804

Trust: 1.7

db:JVNDBid:JVNDB-2007-005834

Trust: 0.8

db:CNNVDid:CNNVD-200707-093

Trust: 0.6

db:BIDid:85596

Trust: 0.4

db:VULHUBid:VHN-26979

Trust: 0.1

sources: VULHUB: VHN-26979 // BID: 85596 // JVNDB: JVNDB-2007-005834 // CNNVD: CNNVD-200707-093 // NVD: CVE-2007-3617

REFERENCES

url:http://trac.vtiger.com/cgi-bin/trac.cgi/report/9

Trust: 2.0

url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692

Trust: 2.0

url:http://osvdb.org/45804

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3617

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3617

Trust: 0.8

sources: VULHUB: VHN-26979 // BID: 85596 // JVNDB: JVNDB-2007-005834 // CNNVD: CNNVD-200707-093 // NVD: CVE-2007-3617

CREDITS

Unknown

Trust: 0.3

sources: BID: 85596

SOURCES

db:VULHUBid:VHN-26979
db:BIDid:85596
db:JVNDBid:JVNDB-2007-005834
db:CNNVDid:CNNVD-200707-093
db:NVDid:CVE-2007-3617

LAST UPDATE DATE

2025-04-10T23:13:15.293000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-26979date:2008-11-13T00:00:00
db:BIDid:85596date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005834date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-093date:2007-07-10T00:00:00
db:NVDid:CVE-2007-3617date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-26979date:2007-07-06T00:00:00
db:BIDid:85596date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005834date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-093date:2007-07-06T00:00:00
db:NVDid:CVE-2007-3617date:2007-07-06T19:30:00