Sign-up

ID

VAR-200707-0489


CVE

CVE-2007-3617


TITLE

vtiger CRM of report Vulnerability to read arbitrary private module entries in modules

Trust: 0.8

sources: JVNDB: JVNDB-2007-005834

DESCRIPTION

The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. vtiger CRM is prone to a remote security vulnerability

Trust: 1.98

sources: NVD: CVE-2007-3617 // JVNDB: JVNDB-2007-005834 // BID: 85596 // VULHUB: VHN-26979

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:lteversion:5.0.2

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.0.2

Trust: 0.9

vendor:vtigermodel:crmscope:ltversion:5.0.3

Trust: 0.8

sources: BID: 85596 // JVNDB: JVNDB-2007-005834 // CNNVD: CNNVD-200707-093 // NVD: CVE-2007-3617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3617
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3617
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-093
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3617
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26979
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26979 // JVNDB: JVNDB-2007-005834 // CNNVD: CNNVD-200707-093 // NVD: CVE-2007-3617

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-093

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-093

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-005834

PATCH
title:2692url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-005834

EXTERNAL IDS
db:NVDid:CVE-2007-3617
Trust: 2.8
db:OSVDBid:45804
Trust: 1.7
db:JVNDBid:JVNDB-2007-005834
Trust: 0.8
db:CNNVDid:CNNVD-200707-093
Trust: 0.6
db:BIDid:85596
Trust: 0.4
db:VULHUBid:VHN-26979
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26979 // 
            
            
            
            BID: 85596 // 
            
            
            
            JVNDB: JVNDB-2007-005834 // 
            
            
            
            CNNVD: CNNVD-200707-093 // 
            
            
            
            NVD: CVE-2007-3617

REFERENCES
url:http://trac.vtiger.com/cgi-bin/trac.cgi/report/9
Trust: 2.0
url:http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692
Trust: 2.0
url:http://osvdb.org/45804
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3617
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3617
Trust: 0.8
sources:
            
            
            VULHUB: VHN-26979 // 
            
            
            
            BID: 85596 // 
            
            
            
            JVNDB: JVNDB-2007-005834 // 
            
            
            
            CNNVD: CNNVD-200707-093 // 
            
            
            
            NVD: CVE-2007-3617

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 85596

SOURCES
db:VULHUBid:VHN-26979
db:BIDid:85596
db:JVNDBid:JVNDB-2007-005834
db:CNNVDid:CNNVD-200707-093
db:NVDid:CVE-2007-3617

LAST UPDATE DATE
2025-04-10T23:13:15.293000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26979date:2008-11-13T00:00:00
db:BIDid:85596date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005834date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-093date:2007-07-10T00:00:00
db:NVDid:CVE-2007-3617date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-26979date:2007-07-06T00:00:00
db:BIDid:85596date:2007-07-06T00:00:00
db:JVNDBid:JVNDB-2007-005834date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200707-093date:2007-07-06T00:00:00
db:NVDid:CVE-2007-3617date:2007-07-06T19:30:00