Vulnerability Information
Vulnerability Title
OroCRMCallBundle has incorrect call view page visibility
Vulnerability Description
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
Improper Access Control
Vulnerability Title
OroCRMCallBundle access control error vulnerability
Vulnerability Description
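OroCRMCallBundle is a plugin bundle from Oro. OroCRMCallBundle has an access control error vulnerability that stems from insufficient security checks, allowing an attacker to bypass access control list (ACL) security restrictions and access information from any event. Affected product versions: OroCRMCallBundle 4.2.0 through 4.2.5, 5.0.0 through 5.0.3, and 5.1.0 up to but not including 5.1.1.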
CVSS Information
N/A
Vulnerability Type
N/A