Vulnerability Description
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vtiger | Vtiger Crm | <= 5.0.2 |
References
- http://forums.vtiger.com/viewtopic.php?p=44233Patch
- http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245
- http://trac.vtiger.com/cgi-bin/trac.cgi/report/9
- http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084
- http://forums.vtiger.com/viewtopic.php?p=44233Patch
- http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245
- http://trac.vtiger.com/cgi-bin/trac.cgi/report/9
- http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084
FAQ
What is CVE-2007-3602?
CVE-2007-3602 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demo...
How severe is CVE-2007-3602?
CVE-2007-3602 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3602?
Check the references section above for vendor advisories and patch information. Affected products include: Vtiger Vtiger Crm.