ID CVE-2007-3604
Summary vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
References
Vulnerable Configurations
  • cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:it:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2:*:validation:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2:patch1:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 13-11-2008 - 06:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
confirm
misc http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423
osvdb 45783
Last major update 13-11-2008 - 06:42
Published 06-07-2007 - 19:30
Last modified 13-11-2008 - 06:42