Summary
vTiger CRM Authentication Bypass Vulnerability
Impact
A remote attacker can bypass the authentication mechanism.
Solution
Apply the patch from the link below or upgrade to version 6.0 or later.
Insight
The installed vTiger CRM is prone to an authentication bypass vulnerability. The vulnerable code is located in the validateSession() function, which is defined in multiple SOAP services.
Affected
vTiger CRM version 5.1.0 to 5.4.0.
Detection
Tries to exploit the vulnerability by calling the respective SOAP call.
References
Severity
Classification
CVE: CVE-2013-3215
CVSS Base Score: 9.4
AV:N/AC:L/Au:N/C:C/I:C/A:N
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- aflog Cookie-Based Authentication Bypass Vulnerability
- Adobe ColdFusion Information Disclosure Vulnerability