Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list

🗓️ 10 Jan 2024 15:38:14Reported by GoogleType

osv🔗 osv.dev👁 12 Views

Pimcore Ecommerce Framework Bundle improper access control allows unauthorized access to back-office orders list

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
OSV	CVE-2024-21665	11 Jan 202401:15	–	osv
Prion	Spoofing	11 Jan 202401:15	–	prion
Cvelist	CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list	11 Jan 202400:39	–	cvelist
Github Security Blog	Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list	10 Jan 202415:14	–	github
Veracode	Improper Authorization	11 Jan 202405:56	–	veracode
NVD	CVE-2024-21665	11 Jan 202401:15	–	nvd
CVE	CVE-2024-21665	11 Jan 202401:15	–	cve

Source	Link
github	www.github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-21665
github	www.github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e
github	www.github.com/pimcore/ecommerce-framework-bundle
github	www.github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php
github	www.github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Jan 2024 15:14Current

6.7Medium risk

Vulners AI Score6.7

CVSS34.3

EPSS0.00004