pimcore/customer-management-framework-bundle
Packagist | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pimcore/customer-management-framework-bundle
- CVE-2023-2629 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 3.3.9 | 2023-05-10
vulnerable: 1.0.0 ... v3.3.8 (138 versions)
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
- CVE-2023-2756 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 3.3.10 | 2023-05-17
vulnerable: 1.0.0 ... v3.3.9 (139 versions)
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
- CVE-2023-2881 | MEDIUM | CVSS 4.9 | EG 4.9 | ✓ Fixed in 3.3.10 | 2023-05-25
vulnerable: 1.0.0 ... v3.3.9 (139 versions)
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
- CVE-2023-32075 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 3.3.9 | 2023-05-11
vulnerable: 1.0.0 ... v3.3.8 (138 versions)
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since…
- CVE-2023-3574 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.4.1 | 2023-07-10
vulnerable: 1.0.0 ... v3.4.0 (141 versions)
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.
- CVE-2023-4145 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.4.2 | 2023-08-03
vulnerable: 1.0.0 ... v3.4.1 (142 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
- CVE-2024-11956 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 4.2.1 | 2025-01-28
vulnerable: 1.0.0 ... v4.2.0-RC1 (165 versions)
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manip…
- CVE-2024-21666 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.0.6 | 2024-01-11
vulnerable: 1.0.0 ... v4.0.5 (156 versions)
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate …
- CVE-2024-21667 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.0.6 | 2024-01-11
vulnerable: 1.0.0 ... v4.0.5 (156 versions)
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned…