ID

VAR-202408-1014


CVE

CVE-2024-42995


TITLE

Vulnerability in Vtiger's Vtiger CRM

Trust: 0.8

sources: JVNDB: JVNDB-2024-022974

DESCRIPTION

VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. Vtiger's Vtiger CRM contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-42995 // JVNDB: JVNDB-2024-022974

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: lte, version: 8.1.0

Trust: 1.0

vendor: vtiger, model: crm, scope: eq, version: -

Trust: 0.8

vendor: vtiger, model: crm, scope: -, version: -

Trust: 0.8

vendor: vtiger, model: crm, scope: lte, version: 8.1.0 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-022974 // NVD: CVE-2024-42995

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42995
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-022974
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42995
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-022974
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-022974 // NVD: CVE-2024-42995

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper authority management (CWE-269) [others]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-022974 // NVD: CVE-2024-42995

EXTERNAL IDS

db: NVD, id: CVE-2024-42995

Trust: 2.6

db: JVNDB, id: JVNDB-2024-022974

Trust: 0.8

sources: JVNDB: JVNDB-2024-022974 // NVD: CVE-2024-42995

REFERENCES

url: https://www.shielder.com/advisories/vtiger-migration-bac/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-42995

Trust: 0.8

sources: JVNDB: JVNDB-2024-022974 // NVD: CVE-2024-42995

SOURCES

db: JVNDB, id: JVNDB-2024-022974
db: NVD, id: CVE-2024-42995

LAST UPDATE DATE

2025-05-01T23:35:37.694000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-022974, date: 2025-04-30T07:03:00
db: NVD, id: CVE-2024-42995, date: 2025-04-28T14:09:10.273

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-022974, date: 2025-04-30T00:00:00
db: NVD, id: CVE-2024-42995, date: 2024-08-16T17:15:15.273