Jinxed

**Name of the Vulnerable Software and Affected Versions** vtiger CRM versions prior to 5.0.3 **Description** The issue concerns the SOAP webservice in vtiger CRM, where it fails to verify if an authenticated account is active. This allows remote authenticated users with inactive accounts to access and modify data. An example of this exploit is demonstrated through the Thunderbird plugin. **Recommendations** For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue.