Published:2016/07/20  Last Updated:2016/07/20

JVN#01956993
Vtiger CRM does not properly restrict access to application data

Overview

Vtiger CRM contains a vulnerability where it does not properly restrict access to application data.

Products Affected

  • Vtiger CRM 6.4.0 and earlier

Description

Vtiger CRM is a customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data.

Impact

A user with user privileges may create new users or alter existing user information.

Solution

Update the software
Update the software according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score: 5.4
CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score: 5.5

Credit

Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2016-4834
JVN iPedia JVNDB-2016-000126