5.5
CVE-2007-3602
- EPSS 1.49%
- Published 06.07.2007 19:30:00
- Last modified 16.06.2026 22:42:21
- Source cve@mitre.org
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
Data is provided by the National Vulnerability Database (NVD)
Vtiger ≫ Vtiger Crm Version <= 5.0.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.707 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 8 | 4.9 | AV:N/AC:L/Au:S/C:P/I:P/A:N |
http://trac.vtiger.com/cgi-bin/trac.cgi/report/9
http://forums.vtiger.com/viewtopic.php?p=44233
http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084