Home > Vulnerability Database > CVE-2023-32064

Mend.io Vulnerability Database

CVE-2023-32064

Good to know:

Date: November 27, 2023

OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.

Language: PHP

Severity Score

5.0

Related Resources (4)

Url: https://github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32064

Url: https://github.com/oroinc/orocommerce

Url: https://www.mend.io/vulnerability-database/CVE-2023-32064

Severity Score

5.0

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 5.0.11,5.1.1

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32064

Good to know:

Date: November 27, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?