Insufficient Security Checks in OroCalendarBundle Allows Bypassing ACL Restrictions

Insufficient Security Checks in OroCalendarBundle Allows Bypassing ACL Restrictions

CVE-2023-32063 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.

Learn more about our Cis Benchmark Audit For Microsoft Office.