Lucene search
K

4 matches found

Huntr
Huntr
added 2023/05/28 11:48 a.m.15 views

Improper Authorization in "Customer automation rules" function

Description The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions. Proof of Concept The user does not have permission to delete the rule. Location - GET /admin/customermanagementframework/rules/list - POST...

6.4CVSS6.7AI score0.00444EPSS
Exploits1
OSV
OSV
added 2023/05/11 4:39 p.m.37 views

GHSA-X99J-R8VV-GWWJ Pimcore vulnerable to Business Logic Errors via Customer automation rules

Impact Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches Update to version 3.3.9 or apply this patch manually...

4.3CVSS4.4AI score0.00763EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/05/11 4:39 p.m.28 views

Pimcore vulnerable to Business Logic Errors via Customer automation rules

Impact Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches Update to version 3.3.9 or apply this patch manually...

4.3CVSS6.3AI score0.00763EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/11 4:39 p.m.10 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3CVSS6.7AI score0.00763EPSS
Exploits1References4
Rows per page
Query Builder