CVE-2023-32075 - Unspecified vulnerability in Pimcore Customer Management Framework
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab because the counter can be set to a negative number. The vulnerability allows illogical counter values in the `Conditions` tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually.
References
- https://github.com/pimcore/customer-data-framework/releases/tag/v3.3.9
- https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/
- https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-x99j-r8vv-gwwj
- https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch