Improper Access Control
oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...