CVE-2023-32063

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Nov 28, 2023

Updated: Dec 1, 2023

CWE ID 284

Summary

CVE-2023-32063 affects OroCalendarBundle, a feature utilized in Oro applications for calendar functionality. This vulnerability enables back-end users to access call event information that should be restricted based on Access Control List (ACL) security checks. The issue has been addressed with the release of versions 5.0.4 and 5.1.1, where sufficient security measures have been implemented to prevent unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Oro, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tlrn2P
https://www.cve.org/CVERecord?id=CVE-2023-32063
https://nvd.nist.gov/vuln/detail/CVE-2023-32063

Back to Vulnerability Database

CVE-2023-32063

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations