Lucene search
K
PimcoreCustomer Management Framework

9 matches found

CVE
CVE
added 2023/08/03 4:4 p.m.97 views

CVE-2023-4145

CVE-2023-4145 is a stored XSS vulnerability in pimcore/customer-data-framework present in versions prior to 3.4.2. The issue stems from cross-site scripting in the Customer Data Framework that could be triggered via HTML injection in emails, potentially allowing an attacker to influence a victim’...

6.5CVSS5.3AI score0.00538EPSS
CVE
CVE
added 2023/05/11 4:39 p.m.69 views

CVE-2023-32075

Summary of CVE-2023-32075: The Pimcore CMF’s customer-management-framework-bundle is affected in versions before 3.3.9. A business-logic flaw in the Conditions tab allows the counter value to become negative, leading to unlogic in the UI/logic. The issue is fixed in version 3.3.9; patch guidance ...

4.3CVSS4.5AI score0.00763EPSS
CVE
CVE
added 2021/08/04 10:20 p.m.66 views

CVE-2021-31867

CVE-2021-31867 affects Pimcore Customer Data Framework (CDF) v3.0.0 and earlier. The issue is a Boolean-based blind SQL injection in the SegmentAssignmentController.php, where the request parameter id is interpolated into a SQL query, enabling data exposure through crafted requests. The vulnerabi...

7.5CVSS7.5AI score0.01225EPSS
CVE
CVE
added 2023/07/10 8:48 a.m.61 views

CVE-2023-3574

CVE-2023-3574 : The issue affects pimcore/customer-data-framework prior to 3.4.1, where improper authorization checks allow an unauthorized actor to access resources or perform actions. The Red Hat/Veracode/GHSA entries corroborate the same vulnerability description. A patch is available: upgrade...

6.5CVSS6.2AI score0.00444EPSS
CVE
CVE
added 2023/05/25 12:0 a.m.60 views

CVE-2023-2881

Summary: CVE-2023-2881 affects pimcore/customer-data-framework prior to version 3.3.10, where passwords were stored in a recoverable format. The issue stems from how password hashes are handled in the customer data views, enabling potential disclosure of password hashes. Affected component: pimco...

6.7CVSS5.2AI score0.00547EPSS
CVE
CVE
added 2023/05/17 12:0 a.m.59 views

CVE-2023-2756

CVE-2023-2756 is a SQL injection vulnerability in Pimcore’s customer-data-framework prior to version 3.3.10. The issue affects the Pimcore product/component and is rooted in insecure handling of SQL queries within the segment/authorization logic, allowing an administrator-like user to execute arb...

7.2CVSS7AI score0.00935EPSS
CVE
CVE
added 2024/01/11 1:5 a.m.58 views

CVE-2024-21667

The CVE-2024-21667 issue affects Pimcore's customer-data-framework. An authenticated user lacking proper permissions can access the GDPR data extraction endpoint at /admin/customermanagementframework/gdpr-data/search-data-objects and query the results, exposing PII. Root cause: access control not...

6.5CVSS6.2AI score0.00588EPSS
CVE
CVE
added 2024/01/11 12:45 a.m.55 views

CVE-2024-21666

PIMCORE CVE-2024-21666 affects the Pimcore Customer Management Framework (CMF). The issue is an improper access control in the DuplicatesController that allows an authenticated user without required permissions—and in practice, unauthorized users as well—to access the duplicates list endpoint at ...

6.5CVSS6.3AI score0.00564EPSS
CVE
CVE
added 2023/05/10 12:0 a.m.54 views

CVE-2023-2629

The CVE-2023-2629 entry describes a CSV Injection vulnerability in pimcore/customer-data-framework (GitHub repo) prior to version 3.3.9. The root cause is Improper Neutralization/Escaping of formula elements in CSV exports, notably in fields like Firstname, Lastname, Street, Zip, and City, which ...

7.8CVSS6.1AI score0.00406EPSS