all InfoSec news
Pimcore Multiple Vulnerabilities
Jan. 10, 2024, 1:09 p.m. | Rémy Marot
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered multiple access control vulnerabilities in Pimcore bundles.
Pimcore E-Commerce Framework Bundle
CVE-2024-21665 - Improper Access Control allows unprivileged user to access back-office orders list (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
An authenticated and unauthorized user can access the back-office orders list and is able to query over the information returned without having the privileges.
Proof Of Concept:
In order to reproduce the issue, the following steps can be followed on a Pimcore instance using this feature / …
More from www.tenable.com / Tenable Research Advisories
Approach.App Multiple Vulnerabilities
1 week, 6 days ago |
www.tenable.com
Path Traversal Affecting Multiple CData Products
3 weeks, 6 days ago |
www.tenable.com
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities
1 month, 2 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Cloud Security Analyst
@ Cloud Peritus | Bengaluru, India
Cyber Program Manager - CISO- United States – Remote
@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
Network Security Engineer (AEGIS)
@ Peraton | Virginia Beach, VA, United States
SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May
@ EMW, Inc. | Mons, Wallonia, Belgium
Information Systems Security Engineer
@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)