ID

VAR-201112-0339


CVE

CVE-2011-4679


TITLE

vtiger CRM Leads Module Security Vulnerability

Trust: 1.6

sources: IVD: 7d716c21-463f-11e9-be3d-000c29342cb1 // IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5717 // CNNVD: CNNVD-201112-080

DESCRIPTION

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. vtiger CRM is a web-based customer relationship management (CRM) system based on Sales Capability Automation (SFA). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the failure to correctly identify the disabled status of a field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. Attackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. Versions prior to vtiger CRM 5.3.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information.

Trust: 2.88

sources: NVD: CVE-2011-4679 // JVNDB: JVNDB-2011-003299 // CNVD: CNVD-2011-5717 // BID: 51024 // IVD: 7d716c21-463f-11e9-be3d-000c29342cb1 // IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52624

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 7d716c21-463f-11e9-be3d-000c29342cb1 // IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5717

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: lt, version: 5.3.0

Trust: 1.8

vendor: vtiger, model: crm, scope: eq, version: 5.2.1

Trust: 0.9

vendor: vtiger, model: crm, scope: eq, version: 5.0.4

Trust: 0.9

vendor: vtiger, model: crm, scope: eq, version: 5.0.3

Trust: 0.9

vendor: vtiger, model: crm, scope: lte, version: <=5.2.x

Trust: 0.6

vendor: vtiger, model: crm, scope: eq, version: 5.1.0

Trust: 0.6

vendor: vtiger, model: crm, scope: eq, version: 5.0.0

Trust: 0.6

vendor: vtiger, model: crm, scope: eq, version: 5.2.0

Trust: 0.6

vendor: vtiger, model: crm, scope: eq, version: 5.0.2

Trust: 0.6

vendor: vtiger, model: crm, scope: eq, version: 1.0

Trust: 0.6

vendor: vtiger crm, model: -, scope: eq, version: *

Trust: 0.4

vendor: vtiger, model: crm, scope: eq, version: 5.2

Trust: 0.3

vendor: vtiger, model: crm, scope: eq, version: 4.2.4

Trust: 0.3

vendor: vtiger, model: crm, scope: eq, version: 4.2

Trust: 0.3

vendor: vtiger, model: crm rc, scope: eq, version: 5.0.4

Trust: 0.3

vendor: vtiger, model: crm, scope: ne, version: 5.3

Trust: 0.3

sources: IVD: 7d716c21-463f-11e9-be3d-000c29342cb1 // IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5717 // BID: 51024 // JVNDB: JVNDB-2011-003299 // CNNVD: CNNVD-201112-080 // NVD: CVE-2011-4679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4679
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4679
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2011-5717
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201112-080
value: MEDIUM

Trust: 0.6

IVD: 7d716c21-463f-11e9-be3d-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52624
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4679
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5717
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d716c21-463f-11e9-be3d-000c29342cb1
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52624
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7d716c21-463f-11e9-be3d-000c29342cb1 // IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5717 // VULHUB: VHN-52624 // JVNDB: JVNDB-2011-003299 // CNNVD: CNNVD-201112-080 // NVD: CVE-2011-4679

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-52624 // JVNDB: JVNDB-2011-003299 // NVD: CVE-2011-4679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-080

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201112-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003299

PATCH

title: Ticket #7003, url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003

Trust: 0.8

title: Ticket #7004, url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004

Trust: 0.8

title: Oct2011:ODUpdate, url: http://wiki.vtiger.com/index.php/Oct2011:ODUpdate

Trust: 0.8

title: Patch for vtiger CRM Leads module security vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/37813

Trust: 0.6

title: vtigercrm-521-530-patch, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41995

Trust: 0.6

title: vtigercrm-5.3.0, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41994

Trust: 0.6

title: vtigercrm-5.3.0, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41993

Trust: 0.6

sources: CNVD: CNVD-2011-5717 // JVNDB: JVNDB-2011-003299 // CNNVD: CNNVD-201112-080

EXTERNAL IDS

db: NVD, id: CVE-2011-4679

Trust: 3.8

db: CNNVD, id: CNNVD-201112-080

Trust: 1.1

db: CNVD, id: CNVD-2011-5717

Trust: 1.0

db: JVNDB, id: JVNDB-2011-003299

Trust: 0.8

db: BID, id: 51024

Trust: 0.4

db: IVD, id: 7D716C21-463F-11E9-BE3D-000C29342CB1

Trust: 0.2

db: IVD, id: 57CA12F8-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-52624

Trust: 0.1

sources: IVD: 7d716c21-463f-11e9-be3d-000c29342cb1 // IVD: 57ca12f8-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5717 // VULHUB: VHN-52624 // BID: 51024 // JVNDB: JVNDB-2011-003299 // CNNVD: CNNVD-201112-080 // NVD: CVE-2011-4679

REFERENCES

url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003

Trust: 2.0

url: http://wiki.vtiger.com/index.php/oct2011:odupdate

Trust: 2.0

url: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004

Trust: 1.7

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4679

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4679

Trust: 0.8

url: http://www.vtiger.com/

Trust: 0.3

sources: CNVD: CNVD-2011-5717 // VULHUB: VHN-52624 // BID: 51024 // JVNDB: JVNDB-2011-003299 // CNNVD: CNNVD-201112-080 // NVD: CVE-2011-4679

CREDITS

pratim

Trust: 0.3

sources: BID: 51024

SOURCES

db: IVD, id: 7d716c21-463f-11e9-be3d-000c29342cb1
db: IVD, id: 57ca12f8-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-5717
db: VULHUB, id: VHN-52624
db: BID, id: 51024
db: JVNDB, id: JVNDB-2011-003299
db: CNNVD, id: CNNVD-201112-080
db: NVD, id: CVE-2011-4679

LAST UPDATE DATE

2025-04-11T23:15:35.136000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5717, date: 2011-12-08T00:00:00
db: VULHUB, id: VHN-52624, date: 2017-11-22T00:00:00
db: BID, id: 51024, date: 2011-01-04T00:00:00
db: JVNDB, id: JVNDB-2011-003299, date: 2011-12-12T00:00:00
db: CNNVD, id: CNNVD-201112-080, date: 2011-12-08T00:00:00
db: NVD, id: CVE-2011-4679, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 7d716c21-463f-11e9-be3d-000c29342cb1, date: 2011-12-08T00:00:00
db: IVD, id: 57ca12f8-2354-11e6-abef-000c29c66e3d, date: 2011-12-08T00:00:00
db: CNVD, id: CNVD-2011-5717, date: 2011-12-08T00:00:00
db: VULHUB, id: VHN-52624, date: 2011-12-07T00:00:00
db: BID, id: 51024, date: 2011-01-04T00:00:00
db: JVNDB, id: JVNDB-2011-003299, date: 2011-12-12T00:00:00
db: CNNVD, id: CNNVD-201112-080, date: 2011-12-08T00:00:00
db: NVD, id: CVE-2011-4679, date: 2011-12-07T19:55:02.440