User Role Escalation Vulnerability in Vtiger CRM by Vtiger
CVE-2019-19202

8.8HIGH

Key Information:

Vendor: Vtiger
Status: Vtiger Crm
Vendor: CVE Published:; 21 November 2019

What is CVE-2019-19202?

The My Preferences feature in Vtiger CRM versions prior to 7.2.0 contains a user role escalation vulnerability. Through a crafted POST request, an attacker can modify their role without having administrative privileges. This allows for unauthorized access and potential abuse of permissions, making it crucial for users of affected versions to be aware of this security flaw and to apply necessary updates or mitigations.

References

https://code.vtiger.com/vtiger/vtigercrm/issues/1126

x_refsource_MISC

http://lists.vtigercrm.com/pipermail/vtigercrm-developers...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Nov 21, 2019