4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
oro/platform is vulnerable to Unauthorized Access. The vulnerability is due to inadequate access control measures within the OroPlatform’s handling of page state data, which allows logged-in users to access the page state data of pinned pages belonging to other users by exploiting pageId hashes.
CPE | Name | Operator | Version |
---|---|---|---|
oro/platform | le | 5.0.12 | |
oro/platform | le | 4.2.10 | |
oro/platform | le | 5.1.3 | |
oro/platform | le | 5.0.12 | |
oro/platform | le | 4.2.10 | |
oro/platform | le | 5.1.3 |
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%