Security Advisory

CVE-2023-32064

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-28 03:34:17

Last updated 2024-08-02 15:03:28

Assigner GitHub_M

State PUBLISHED

Description

OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.

← Browse all CVEs View on cve.org ↗