Vulnerability Details CVE-2023-32062
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.8%
CVSS Severity
CVSS v3 Score 5.0
References
- https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b
- https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531
- https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g
- https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b
- https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531
- https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g
Products affected by CVE-2023-32062
-
cpe:2.3:a:oroinc:oroplatform:4.2.0
-
cpe:2.3:a:oroinc:oroplatform:4.2.1
-
cpe:2.3:a:oroinc:oroplatform:4.2.2
-
cpe:2.3:a:oroinc:oroplatform:4.2.3
-
cpe:2.3:a:oroinc:oroplatform:4.2.4
-
cpe:2.3:a:oroinc:oroplatform:4.2.5
-
cpe:2.3:a:oroinc:oroplatform:4.2.6
-
cpe:2.3:a:oroinc:oroplatform:5.0.0
-
cpe:2.3:a:oroinc:oroplatform:5.0.1
-
cpe:2.3:a:oroinc:oroplatform:5.0.2
-
cpe:2.3:a:oroinc:oroplatform:5.0.3
-
cpe:2.3:a:oroinc:oroplatform:5.0.4
-
cpe:2.3:a:oroinc:oroplatform:5.0.5
-
cpe:2.3:a:oroinc:oroplatform:5.0.6
-
cpe:2.3:a:oroinc:oroplatform:5.1.0