CVE-2023-32063

Published
View on NVD ↗
CVSS v3
5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.

oroinc/crm
oroinc/crm
Main OroCRM package with core functionality.
GitHubGitHub
680
oroinc/OroCRMCallBundle
oroinc/OroCRMCallBundle
OroPlatform package, enables calls management.
GitHubGitHub
5