4 matches found
CVE-2023-32063 OroCRMCallBundle has incorrect call view page visibility
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1...
OroCRMCallBundle Access Control Error Vulnerability
OroCRMCallBundle is a plugin package from Oro. An Access Control Error vulnerability exists in OroCRMCallBundle, which stems from insufficient security checks and allows an attacker to bypass the security restrictions of an Access Control List (ACL) to access information in any event. Affected...
GHSA-897W-JV7J-6R7G OroCRMCallBundle has incorrect call view page visibility
Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks...
OroCRMCallBundle has incorrect call view page visibility
Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks...