Vulnerability Description
The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crm Ctt | Interleave | <= 4.2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/27874Vendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=558602&group_id=61096Patch
- http://www.securityfocus.com/bid/26685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38808
- http://secunia.com/advisories/27874Vendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=558602&group_id=61096Patch
- http://www.securityfocus.com/bid/26685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38808
FAQ
What is CVE-2007-6222?
CVE-2007-6222 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMIT...
How severe is CVE-2007-6222?
CVE-2007-6222 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6222?
Check the references section above for vendor advisories and patch information. Affected products include: Crm Ctt Interleave.