CVE Vulnerabilities

CVE-2024-42995

Improper Privilege Management

Published: Aug 16, 2024 | Modified: Aug 19, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the Migration administrative module to disable arbitrary modules.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References