Search for vulnerabilities
| Vulnerability ID | VCID-p5g5-3z89-63bz |
| Aliases |
CVE-2023-32063
GHSA-897w-jv7j-6r7g |
| Summary | OroCRMCallBundle has incorrect call view page visibility Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | ||
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85 | ||
| https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950 | ||
| CVE-2023-32063 | https://nvd.nist.gov/vuln/detail/CVE-2023-32063 | |
| GHSA-897w-jv7j-6r7g | https://github.com/advisories/GHSA-897w-jv7j-6r7g | |
| GHSA-897w-jv7j-6r7g | https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:46:25.018386+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/crm-call-bundle/CVE-2023-32063.yml | 38.6.0 |