PT-2023-23578 · Unknown · Orocommerce

Khrysev · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-32064

CVSS v3.1: 5.0 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OroCommerce versions prior to 5.0.11
OroCommerce versions prior to 5.1.1

Description

The issue allows back-office users to access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks.

Recommendations

For versions prior to 5.0.11, update to version 5.0.11 or later to resolve the issue.
For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Customer and Customer User menus until a patch is applied.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related identifiers

CVE-2023-32064
GHSA-8GWJ-68W6-7V6C

Affected products

Orocommerce