CVE-2023-45824

Summary

OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

Affected Software

VendorProductVersion RangeStatus
oroincplatform>=4.2.0, <=4.2.10affected
oroincplatform>=5.0.0, <=5.0.12affected
oroincplatform>= 5.1.0, <= 5.1.3affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References