CVE-2023-32064

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 28, 2023

Updated: Dec 1, 2023

CWE ID 284

Summary

CVE-2023-32064 is a vulnerability affecting the OroCommerce package, specifically its customer portal and non-authenticated visitor website base features. This issue allows back-end users to bypass Access Control List (ACL) security restrictions and access sensitive information related to Customers and Customer Users in the Customer and Customer User menus. The vulnerability has been addressed in versions 5.0.11 and 5.1.1 of OroCommerce.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Oroinc Orocommerce

Affected Vendors

Oro, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tlsyW2
https://www.cve.org/CVERecord?id=CVE-2023-32064
https://nvd.nist.gov/vuln/detail/CVE-2023-32064

Back to Vulnerability Database