2 matches found
CVE-2023-32063
The CVE-2023-32063 issue affects OroCalendarBundle (used with Oro CRM/Oro applications) where back-office users can access information from any call event due to insufficient ACL checks. Root cause: security checks in the ACL layer were not properly enforced, enabling information disclosure. Impa...
CVE-2023-32063 OroCRMCallBundle has incorrect call view page visibility
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...