What is CVE-2016-4834?

CVE-2016-4834 is a high-severity vulnerability in Vtiger Vtiger_crm, classified under CWE-264. CVSS score: 8.1/10. Published 2016-08-01.

How severe is CVE-2016-4834?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Vtiger Vtiger_crm

CVE-2016-4834

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

EPSS: 0.006 (70.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Vtiger Vtiger_crm
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

92076 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
JVN#01956993 (x_refsource_JVN, Third Party Advisory, VDB Entry, third-party-advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch, Issue Tracking)
JVNDB-2016-000126 (x_refsource_JVNDB, Third Party Advisory, VDB Entry, third-party-advisory)
1036485 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-4834?: CVE-2016-4834 is a high-severity vulnerability in Vtiger Vtiger_crm, classified under CWE-264. CVSS score: 8.1/10. Published 2016-08-01.
How severe is CVE-2016-4834?: High severity. CVSS v3 base score is 8.1 out of 10.