CVE-2007-3602

{"id": "CVE-2007-3602", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-06T19:30:00.000", "references": [{"url": "http://forums.vtiger.com/viewtopic.php?p=44233", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245", "source": "cve@mitre.org"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", "source": "cve@mitre.org"}, {"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin."}, {"lang": "es", "value": "El servicio web SOAP en vtiger CRM versiones anteriores a 5.0.3 no asegura que cuentas autenticadas est\u00e9n activas, lo cual permite a atacantes remotos con cuentas inactivas acceder y modificar datos, como se demuestra con el plugin de Thunderbird."}], "lastModified": "2008-09-05T21:26:07.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E8668A7-60BA-45AA-A159-26890ADB6A0A", "versionEndIncluding": "5.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}