NVD

Id
55752  
Name
CVE-2007-3602  
Description
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.  
Reject
 
CVSS Version
2  
CVSS Score
5.5  
Severity
Medium  
CVSS Base Score
5.5  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:N)  
Pub Date
2017-01-07  
Published
2007-07-06  
Modified Date
2008-09-05  
Seq
2007-3602  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
283462 55752 CVE-2007-3602 http://forums.vtiger.com/viewtopic.php?p=44233  View
283463 55752 CVE-2007-3602 http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245  View
283464 55752 CVE-2007-3602 http://trac.vtiger.com/cgi-bin/trac.cgi/report/9  View
283465 55752 CVE-2007-3602 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
57129 JVNDB-2007-005821 vtiger CRM の SOAP Web サービスにおけるデータをアクセスされる脆弱性 vtiger CRM の SOAP Web サービスは、認証されたアカウントがアクティブであることを確認しないため、データをアクセスされる、および変更される脆弱性が存在します。 CVE-2007-3602 26957 CVE-2007-3602 55752 5.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005821.html 2007-02-26 2012-12-20 View