OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

访问控制不恰当

OroCRM 访问控制错误漏洞

OroCrm是Oro公司的一个开源客户关系管理 (Crm) 应用程序。用于跨多个渠道创建客户的 360° 视图、组织销售渠道、管理帐户和联系信息、与客户沟通、运行营销活动和跟踪活动绩效。 OroCRM 5.1.1之前版本存在访问控制错误漏洞，该漏洞源于后台用户可以访问任何系统日历事件的信息，绕过由于安全检查不足而导致的ACL安全限制。

N/A

N/A