PT-2007-4857 · Mozilla+1 · Thunderbird+1

Jinxed · Published 2007-07-06 · Updated 2008-09-05 · CVE-2007-3602

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

vtiger CRM versions prior to 5.0.3

Description

The SOAP webservice in vtiger CRM does not verify that an authenticated account is active. As a result, remote authenticated users whose accounts are inactive can still access and modify data. The issue is demonstrated through the Thunderbird plugin.

Recommendations

Update vtiger CRM to version 5.0.3 or later to resolve the issue.


Related identifiers

CVE-2007-3602

Affected products

Thunderbird
vtiger CRM