4 matches found
Improper Authorization in "Customer automation rules" function
Description The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions. Proof of Concept The user does not have permission to delete the rule. Location - GET /admin/customermanagementframework/rules/list - POST...
GHSA-X99J-R8VV-GWWJ Pimcore vulnerable to Business Logic Errors via Customer automation rules
Impact Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches Update to version 3.3.9 or apply this patch manually...
Pimcore vulnerable to Business Logic Errors via Customer automation rules
Impact Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches Update to version 3.3.9 or apply this patch manually...
CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules
The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...