VTiger CRM Privilege Escalation Vulnerability
CVE-2024-42995

8.3HIGH

Key Information:

Vendor

VTiger

Vendor
CVE Published:
16 August 2024

What is CVE-2024-42995?

VTiger CRM, specifically versions up to 8.1.0, contains a vulnerability where user privileges are not properly validated. This flaw allows users with low privileges to directly access the Migration administrative module. Consequently, these low-privileged users can inadvertently or maliciously disable arbitrary modules, potentially leading to disruption of services and unauthorized access to sensitive features within the software.

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.