ID

VAR-202101-0285


CVE

CVE-2020-19363


TITLE

Vtiger CRM Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015545

DESCRIPTION

Vtiger CRM v7.2.0 allows an attacker to display hidden files and list directories by using the /libraries and /layout directories. Vtiger CRM contains an information disclosure vulnerability. Information may be obtained. Vtiger CRM is a customer relationship management system (CRM) developed by Vtiger in the United States based on SugarCRM. The management system provides functions such as management, collection, and analysis of customer information. Vtiger CRM v7.2.0 has a path traversal vulnerability.

Trust: 2.25

sources: NVD: CVE-2020-19363 // JVNDB: JVNDB-2020-015545 // CNVD: CNVD-2021-05456 // VULHUB: VHN-172734

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-05456

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: eq, version: 7.2.0

Trust: 2.4

vendor: vtiger, model: crm, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-05456 // JVNDB: JVNDB-2020-015545 // NVD: CVE-2020-19363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-19363
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-19363
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-05456
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202101-1539
value: MEDIUM

Trust: 0.6

VULHUB: VHN-172734
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-19363
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-05456
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-172734
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-19363
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-19363
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-05456 // VULHUB: VHN-172734 // JVNDB: JVNDB-2020-015545 // CNNVD: CNNVD-202101-1539 // NVD: CVE-2020-19363

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.1

problemtype: information leak (CWE-200) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-172734 // JVNDB: JVNDB-2020-015545 // NVD: CVE-2020-19363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1539

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-1539

PATCH

title: Vtiger Open Source Edition 7.4.0, url: https://www.vtiger.com/open-source-crm/download-open-source/

Trust: 0.8

sources: JVNDB: JVNDB-2020-015545

EXTERNAL IDS

db: NVD, id: CVE-2020-19363

Trust: 3.1

db: JVNDB, id: JVNDB-2020-015545

Trust: 0.8

db: CNVD, id: CNVD-2021-05456

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1539

Trust: 0.6

db: VULHUB, id: VHN-172734

Trust: 0.1

sources: CNVD: CNVD-2021-05456 // VULHUB: VHN-172734 // JVNDB: JVNDB-2020-015545 // CNNVD: CNNVD-202101-1539 // NVD: CVE-2020-19363

REFERENCES

url: https://github.com/emreovunc/vtiger-crm-vulnerabilities/

Trust: 2.5

url: https://emreovunc.com/blog/en/vtiger_crm_directorylisting_01.png

Trust: 2.3

url: https://emreovunc.com/blog/en/vtiger_crm_directorylisting_02.png

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-19363

Trust: 0.8

sources: CNVD: CNVD-2021-05456 // VULHUB: VHN-172734 // JVNDB: JVNDB-2020-015545 // CNNVD: CNNVD-202101-1539 // NVD: CVE-2020-19363

SOURCES

db: CNVD, id: CNVD-2021-05456
db: VULHUB, id: VHN-172734
db: JVNDB, id: JVNDB-2020-015545
db: CNNVD, id: CNNVD-202101-1539
db: NVD, id: CVE-2020-19363

LAST UPDATE DATE

2024-11-23T23:01:10.346000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-05456, date: 2021-02-03T00:00:00
db: VULHUB, id: VHN-172734, date: 2021-01-22T00:00:00
db: JVNDB, id: JVNDB-2020-015545, date: 2021-10-04T07:58:00
db: CNNVD, id: CNNVD-202101-1539, date: 2021-01-25T00:00:00
db: NVD, id: CVE-2020-19363, date: 2024-11-21T05:09:09.387

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-05456, date: 2021-01-24T00:00:00
db: VULHUB, id: VHN-172734, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2020-015545, date: 2021-10-04T00:00:00
db: CNNVD, id: CNNVD-202101-1539, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2020-19363, date: 2021-01-20T01:15:13.397