Authentication Bypass in vtiger CRM by vtiger
CVE-2013-3215

9.8CRITICAL

Key Information:

Vendor: Vtiger
Status: Vtiger Crm
Vendor: CVE Published:; 29 January 2020

What is CVE-2013-3215?

The vtiger CRM platform version 5.4.0 and earlier versions exhibit a vulnerability that allows attackers to bypass authentication mechanisms due to insufficient validation in the validateSession function. This flaw could enable unauthorized access to sensitive data and user accounts, posing significant security risks. It is essential for users and administrators to update affected versions and implement appropriate security measures to protect their systems.

References

http://www.securityfocus.com/bid/61559

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/86163

vdb-entryx_refsource_XF

EPSS Score

77% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2020
Vulnerability Reserved
Apr 20, 2013

Vtiger

What is CVE-2013-3215?

References

EPSS Score

CVSS V3.1

Timeline