CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Percentile: 36.2%
A business logic error exists in the Conditions tab: the counter can be a negative number.
This vulnerability can lead to illogical counter values in the Conditions tab.
Update to version 3.3.9 or apply this patch manually: https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch
Apply https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch manually.
https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/
Vendor | Product | Version | CPE |
---|---|---|---|
pimcore | customer_management_framework | * | cpe:2.3:a:pimcore:customer_management_framework:*:*:*:*:*:pimcore:*:* |
github.com/advisories/GHSA-x99j-r8vv-gwwj
github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch
github.com/pimcore/customer-data-framework/releases/tag/v3.3.9
github.com/pimcore/customer-data-framework/security/advisories/GHSA-x99j-r8vv-gwwj
huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/
nvd.nist.gov/vuln/detail/CVE-2023-32075