CVE-2023-32075 — MEDIUM (4.3)

Q: How severe is CVE-2023-32075?

CVE-2023-32075 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-32075?

Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Customer Management Framework.

Vulnerability Description

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pimcore	Customer Management Framework	< 3.3.9

Related Weaknesses (CWE)

CWE-20

References

https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6Patch
https://github.com/pimcore/customer-data-framework/releases/tag/v3.3.9Release Notes
https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-x99jMitigationPatchVendor Advisory
https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/ExploitThird Party Advisory
https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6Patch
https://github.com/pimcore/customer-data-framework/releases/tag/v3.3.9Release Notes
https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-x99jMitigationPatchVendor Advisory
https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/ExploitThird Party Advisory

FAQ

What is CVE-2023-32075?

CVE-2023-32075 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are...

How severe is CVE-2023-32075?

CVE-2023-32075 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-32075?

Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Customer Management Framework.