CVE-2019-18981
Pimcore before 6.2.2 lacks an Access Denied outcome for a scenario involving an incorrect recipient ID of a notification, enabling potential unauthorized access to resources. Root cause: missing access control in that flow. Remediation: upgrade to Pimcore 6.2.2 or later (patch referenced in linke...