PT-2007-4857 · Mozilla+1 · Thunderbird+1

Jinxed · Published 2007-07-06 · Updated 2008-09-05 · CVE-2007-3602

CVSS v2.0: 5.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

vtiger CRM versions prior to 5.0.3

Description

The SOAP webservice in vtiger CRM does not verify whether an authenticated account is active. This allows remote authenticated users with inactive accounts to access and modify data. The Thunderbird plugin is one client through which this has been demonstrated.

Recommendations

For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue.


Related Identifiers

CVE-2007-3602

Affected Products

Thunderbird
Vtiger Crm