Pimcore · Pimcore · CVE-2026-23493
**Name of the Vulnerable Software and Affected Versions**
Pimcore versions prior to 12.3.1
Pimcore versions prior to 11.5.14
**Description**
Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the `http_error_log` file stores the `$_COOKIE` and `$_SERVER` variables. This can lead to the exposure of sensitive information, including database passwords and cookie session data, accessible through the Pimcore backend.
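The following added example (not Pimcore's patch and not code from the advisory) shows one way to reduce request context before it is written to an error log: an allowlist for `$_SERVER` keys and value redaction for `$_COOKIE`. The function names, the entry field names, the allowlist contents and the sample values are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: only keys needed to triage an HTTP error are kept.
const SERVER_ALLOWLIST = [
    'REQUEST_METHOD', 'REQUEST_URI', 'SERVER_NAME', 'SERVER_PROTOCOL',
    'HTTP_HOST', 'HTTP_USER_AGENT', 'REMOTE_ADDR', 'REQUEST_TIME',
];

// $_SERVER can carry environment variables and raw request headers
// (HTTP_COOKIE, HTTP_AUTHORIZATION), so it is filtered by allowlist, not denylist.
function filterServerVars(array $server): array
{
    return array_intersect_key($server, array_flip(SERVER_ALLOWLIST));
}

// Cookie names help debugging; cookie values (session ids) are never stored.
function redactCookies(array $cookies): array
{
    return array_fill_keys(array_keys($cookies), '[redacted]');
}

// Builds the record to persist. Field names are hypothetical, not Pimcore's schema.
function buildErrorLogEntry(int $status, array $server, array $cookies): array
{
    return [
        'code'       => $status,
        'uri'        => $server['REQUEST_URI'] ?? '',
        'serverVars' => filterServerVars($server),
        'cookies'    => redactCookies($cookies),
    ];
}

// Constructed sample input standing in for $_SERVER and $_COOKIE.
$server = [
    'REQUEST_METHOD'     => 'GET',
    'REQUEST_URI'        => '/missing-page',
    'HTTP_HOST'          => 'example.test',
    'HTTP_COOKIE'        => 'PHPSESSID=constructed-session-id',
    'HTTP_AUTHORIZATION' => 'Basic Y29uc3RydWN0ZWQ=',
    'DATABASE_URL'       => 'mysql://app:constructed-password@db/pimcore',
];
$cookies = ['PHPSESSID' => 'constructed-session-id'];

$entry = buildErrorLogEntry(404, $server, $cookies);
echo json_encode($entry, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

Redacting `$_COOKIE` alone is not sufficient, because the same values also arrive in `$_SERVER['HTTP_COOKIE']`; the allowlist is what drops that key. Request URIs can themselves contain tokens, so they may need separate scrubbing.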
**Recommendations**
Versions prior to 12.3.1 should be updated to version 12.3.1 or later.
Versions prior to 11.5.14 should be updated to version 11.5.14 or later.