ID

VAR-190001-0859


TITLE

Vtiger CRM ‘graph.php’ authentication bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-5585

DESCRIPTION

Vtiger CRM is a Web-based Customer Relationship Management (CRM) system built around Sales Force Automation (SFA). An authentication bypass vulnerability exists in vtiger CRM. An attacker could exploit the vulnerability to bypass the authentication process, download database backups and modify configuration settings. The vulnerability exists in vtiger CRM version 5.2.1; other versions may be affected.

Trust: 0.99

sources: CNVD: CNVD-2011-5585 // BID: 51192 // IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5585

AFFECTED PRODUCTS

vendor: vtiger | model: crm | scope: lte | version: <=5.2.x

Trust: 0.8

vendor: vtiger | model: crm | scope: eq | version: 5.2.1

Trust: 0.3

vendor: vtiger | model: crm | scope: eq | version: 5.2

Trust: 0.3

vendor: vtiger | model: crm | scope: eq | version: 5.0.4

Trust: 0.3

vendor: vtiger | model: crm | scope: eq | version: 5.0.3

Trust: 0.3

vendor: vtiger | model: crm | scope: eq | version: 4.2.4

Trust: 0.3

vendor: vtiger | model: crm | scope: eq | version: 4.2

Trust: 0.3

vendor: vtiger | model: crm rc | scope: eq | version: 5.0.4

Trust: 0.3

vendor: vtiger | model: crm | scope: ne | version: 5.3

Trust: 0.3

sources: IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5585 // BID: 51192

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2011-5585
value: HIGH

Trust: 0.6

IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

CNVD: CNVD-2011-5585
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5585

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-464

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 51192

PATCH

title: Vtiger CRM ‘graph.php’ authentication bypass vulnerability patch
url: https://www.cnvd.org.cn/patchinfo/show/35883

Trust: 0.6

sources: CNVD: CNVD-2011-5585

EXTERNAL IDS

db: BID | id: 51192

Trust: 1.5

db: CNVD | id: CNVD-2011-5585

Trust: 0.8

db: CNNVD | id: CNNVD-201112-464

Trust: 0.6

db: IVD | id: F23C8D54-1F79-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: f23c8d54-1f79-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5585 // BID: 51192 // CNNVD: CNNVD-201112-464

REFERENCES

url: http://www.securityfocus.com/bid/51192

Trust: 1.2

url: http://www.vtiger.com/

Trust: 0.3

url: http://francoisharvey.ca/2011/12/advisory-meds-2011-01-vtigercrm-anonymous-access-to-setting-module/

Trust: 0.3

sources: CNVD: CNVD-2011-5585 // BID: 51192 // CNNVD: CNNVD-201112-464

CREDITS

Francois Harvey

Trust: 0.9

sources: BID: 51192 // CNNVD: CNNVD-201112-464

SOURCES

db: IVD | id: f23c8d54-1f79-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2011-5585
db: BID | id: 51192
db: CNNVD | id: CNNVD-201112-464

LAST UPDATE DATE

2022-05-17T02:06:55.835000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2011-5585 | date: 2011-12-30T00:00:00
db: BID | id: 51192 | date: 2011-12-28T00:00:00
db: CNNVD | id: CNNVD-201112-464 | date: 2011-12-30T00:00:00

SOURCES RELEASE DATE

db: IVD | id: f23c8d54-1f79-11e6-abef-000c29c66e3d | date: 2011-12-30T00:00:00
db: CNVD | id: CNVD-2011-5585 | date: 2011-12-30T00:00:00
db: BID | id: 51192 | date: 2011-12-28T00:00:00
db: CNNVD | id: CNNVD-201112-464 | date: 1900-01-01T00:00:00