Lucene search
PRIOn knowledge basePRION:CVE-2023-32064HistoryNov 28, 2023 - 4:15 a.m.
Security feature bypass
2023-11-2804:15:00
PRIOn knowledge base
www.prio-n.com
4
orocommerce
customer portal
back-office users
security restrictions
insufficient checks
nvd
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| orocommerce | ge | 5.1.0 | |
| orocommerce | lt | 5.1.1 | |
| orocommerce | ge | 5.0.0 | |
| orocommerce | lt | 5.0.11 | |
| orocommerce | ge | 4.2.0 | |
| orocommerce | le | 4.2.8 |
Related
veracode
veracode
Information Disclosure
2023-11-29 09:18:13
osv
osv
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
2023-11-27 23:29:37
CVE-2023-32064
2023-11-28 04:15:07
nvd
nvd
CVE-2023-32064
2023-11-28 04:15:07
cve
cve
CVE-2023-32064
2023-11-28 04:15:07
cvelist
cvelist
github
github