Pimcore Customer Data Framework Vulnerabilities

Pimcore Customer Data Framework vulnerabilities.

11 January 2024

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
CVE-2024-21667
pimcorecustomer-data-framework6.5MEDIUM
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
CVE-2024-21666
pimcorecustomer-data-framework6.5MEDIUM

30 November 2023

Pimcore missing token/header to prevent CSRF
CVE-2023-49076
pimcorecustomer-data-framework6.5MEDIUM

11 May 2023

Pimcore vulnerable to Business Logic Errors in Customer automation rules
CVE-2023-32075
pimcorecustomer-data-framework4.3MEDIUM

4 August 2021

Pimcore Customer Data Framework 'SegmentAssignmentController.php' Blind SQL Injection
CVE-2021-31867
PimcorePimcore Customer Data ...6.5MEDIUM

No more vulnerabilities to load.