2 matches found
CVE-2021-39198
CVE-2021-39198 affects OroCRM. Multiple sources confirm a CSRF flaw that allows an attacker to disqualify a Lead via the disqualifyAction without a valid CSRF token. Root cause cited in Veracode advisories as an insufficient permissions check in the action handler. Impact is scaleable: leads can ...
CVE-2023-32063
The CVE-2023-32063 issue affects OroCalendarBundle (used with Oro CRM/Oro applications) where back-office users can access information from any call event due to insufficient ACL checks. Root cause: security checks in the ACL layer were not properly enforced, enabling information disclosure. Impa...