CVE-2023-32062

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32062
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

5.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b Patch
https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 Patch
https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g Vendor Advisory
https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b Patch
https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 Patch
https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*
cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*
cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:02

Type Values Removed Values Added
References () https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b - Patch () https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b - Patch
References () https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 - Patch () https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 - Patch
References () https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g - Vendor Advisory () https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g - Vendor Advisory
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 5.0

01 Dec 2023, 19:23

Type Values Removed Values Added
First Time Oroinc oroplatform
Oroinc
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*
References () https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b - () https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b - Patch
References () https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g - () https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g - Vendor Advisory
References () https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 - () https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 - Patch

27 Nov 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-27 22:15

Updated : 2024-11-21 08:02

NVD link : CVE-2023-32062

Mitre link : CVE-2023-32062

CVE.ORG link : CVE-2023-32062

JSON object : View

Products Affected

oroinc

  • oroplatform
CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024