Pimcore · Pimcore · CVE-2024-29197
**Name of the Vulnerable Software and Affected Versions**
Pimcore versions prior to 11.1.6.1
Pimcore versions prior to 11.2.2
**Description**
Pimcore is an Open Source Data & Experience Management Platform. Any request that includes the query argument `?pimcore_preview=true`, the parameter used to access the preview functionality, allows viewing of unpublished sites. Previously, session information was required to access previews, which limited access to logged-in users. This is no longer the case: previews are now broadly accessible to any user, potentially exposing confidential or unreleased information through links that were meant to be restricted.
**Recommendations**
Update Pimcore to version 11.1.6.1 or later.
Update Pimcore to version 11.2.2 or later.
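
To review whether previews were requested while an affected version was running, the web server access log can be searched for the `pimcore_preview=true` argument. The script below is an added example, not part of the Pimcore advisory; it assumes Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumed input: Combined Log Format access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_preview_request(target):
    """True if the request target carries pimcore_preview=true."""
    # parse_qs percent-decodes names and values before the comparison.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Case-insensitive match is a conservative triage choice (assumption).
    return any(v.strip().lower() == "true"
               for v in params.get("pimcore_preview", []))

def find_preview_hits(lines):
    """Map client IP -> [(time, path, status)] for 2xx preview requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or nothing was served
        if is_preview_request(m["target"]):
            path = urlsplit(m["target"]).path
            hits[m["ip"]].append((m["time"], path, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /en/launch-2024?pimcore_preview=true HTTP/1.1" 200 18234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:25 +0000] "GET /en/pricing?x=1&pimcore%5Fpreview=TRUE HTTP/1.1" 200 9921 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /en/home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:05 +0000] "GET /en/old?pimcore_preview=true HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "GET /en/home?pimcore_preview=false HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, rows in find_preview_hits(SAMPLE).items():
        for when, path, status in rows:
            print(f"{ip} {when} {status} {path}")
```

Access logs do not record session state, so each hit is a candidate for review against the publication status of the requested document rather than proof of unauthorized viewing.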