CVE-2007-3604

high

Description

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.

References

http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196

http://trac.vtiger.com/cgi-bin/trac.cgi/report/9

http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423

http://osvdb.org/45783

http://forums.vtiger.com/viewtopic.php?p=44717

Details

Source: Mitre, NVD

Published: 2007-07-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00223