CVE-2023-32062

Name of the Vulnerable Software and Affected Versions OroPlatform versions prior to 5.1.1

Description The issue affects the OroPlatform package, which is used for system and user calendar management. It allows back-office users to access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks.

Recommendations For versions prior to 5.1.1, update to version 5.1.1 to resolve the issue. As a temporary workaround, consider restricting access to calendar events to minimize the risk of exploitation.