NVD

Id
11032  
Name
CVE-2011-4679  
Description
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2011-12-07  
Modified Date
2012-03-07  
Seq
2011-4679  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
61543 11032 CVE-2011-4679 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003  View
61544 11032 CVE-2011-4679 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004  View
61545 11032 CVE-2011-4679 http://wiki.vtiger.com/index.php/Oct2011:ODUpdate  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
33059 JVNDB-2011-003299 vtiger CRM におけるアクセス制限を回避される脆弱性 vtiger CRM は、Leads モジュールにおいてフィールドの無効な状態を適切に認識しないため、アクセス制限を回避される脆弱性が存在します。 CVE-2011-4679 52586 CVE-2011-4679 11032 4 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003299.html 2011-12-07 2011-12-12 View