CVE-2007-3602
Severity Score
5.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
El servicio web SOAP en vtiger CRM versiones anteriores a 5.0.3 no asegura que cuentas autenticadas estén activas, lo cual permite a atacantes remotos con cuentas inactivas acceder y modificar datos, como se demuestra con el plugin de Thunderbird.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-07-06 CVE Reserved
- 2007-07-06 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245 | X_refsource_misc | |
| http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 | X_refsource_confirm | |
| http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://forums.vtiger.com/viewtopic.php?p=44233 | 2008-09-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vtiger Search vendor "Vtiger" | Vtiger Crm Search vendor "Vtiger" for product "Vtiger Crm" | <= 5.0.2 Search vendor "Vtiger" for product "Vtiger Crm" and version " <= 5.0.2" | - |
Affected
| ||||||