Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3458
Last Modified 05 Sep 2008 05:43:08
Published 04 Aug 2008 03:41:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3458

Summary

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.

Vulnerable Systems

Application

  • Vtiger Crm 1.0

  • Vtiger Crm 2.0

  • Vtiger Crm 2.0.1

  • Vtiger Crm 2.1

  • Vtiger Crm 3

  • Vtiger Crm 3.0

  • Vtiger Crm 3.2

  • Vtiger Crm 4

  • Vtiger Crm 4.0

  • Vtiger Crm 4.0.1

  • Vtiger Crm 4.2

  • Vtiger Crm 4.2.4

  • Vtiger Crm 5

  • Vtiger Crm 5.0.3


References

BID - 27228

OSVDB - 40218

CONFIRM - http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes

CONFIRM - http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107

MISC - http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=567189

SECUNIA - 28370


Last Updated: 27 May 2016 10:48:12