Yurii Muratov

CVE-2023-32062 WRITEUP MEDIUM WRITEUP

OroPlatform 4.2.0-4.2.5 - Improper Access Control in Calendar Event Handling

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

CVSS 5.0

View Code

CVE-2023-32063 WRITEUP MEDIUM WRITEUP

Oroinc Client Relationship Management - Improper Access Control

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.

CVSS 5.0

View Code

CVE-2023-32062 WRITEUP MEDIUM WRITEUP

OroPlatform 4.2.0-4.2.5 - Improper Access Control in Calendar Event Handling

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

CVSS 5.0

View Code

CVE-2023-32063 WRITEUP MEDIUM WRITEUP

Oroinc Client Relationship Management - Improper Access Control

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.

CVSS 5.0

View Code