1. CVE-Search
  2. CVE-2007-3602
ID CVE-2007-3602
Summary The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
References
Vulnerable Configurations
  • cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.0:-:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:it:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:it:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:rc1:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:-:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:beta:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2:*:validation:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.2:*:validation:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2:patch1:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.2:patch1:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:5:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 05-09-2008 - 21:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:N
refmap via4
confirm
misc
Last major update 05-09-2008 - 21:26
Published 06-07-2007 - 19:30
Last modified 05-09-2008 - 21:26
Back to Top