Lucene search
PRIOn knowledge basePRION:CVE-2023-32062HistoryNov 27, 2023 - 10:15 p.m.
Security feature bypass
2023-11-2722:15:00
PRIOn knowledge base
www.prio-n.com
4
oroplatform
calendar management
security feature bypass
acl
vulnerability
patch
version 5.1.1
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| oroplatform | ge | 5.1.0 | |
| oroplatform | lt | 5.1.1 | |
| oroplatform | ge | 5.0.0 | |
| oroplatform | lt | 5.0.7 | |
| oroplatform | ge | 4.2.0 | |
| oroplatform | le | 4.2.6 |
Related
osv
osv
CVE-2023-32062
2023-11-27 22:15:07
OroCalendarBundle has incorrect system calendar events visibility
2023-11-27 23:29:11
nvd
nvd
CVE-2023-32062
2023-11-27 22:15:07
github
github
OroCalendarBundle has incorrect system calendar events visibility
2023-11-27 23:29:11
veracode
veracode
Improper Access Control
2023-11-29 06:20:18
cve
cve
CVE-2023-32062
2023-11-27 22:15:07
cvelist
cvelist