#VU33660 Improper Authentication - CVE-2013-3215
Published: January 29, 2020 / Updated: August 4, 2020
Vulnerability identifier: #VU33660
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2013-3215
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
vtiger CRM 5.4.0 and earlier contains an authentication bypass vulnerability due to improper authentication validation in the validateSession function.
Remediation
Install the update from the vendor's website.