Customer Management Framework
CVE-2023-2881
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
AnalysisAI
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-257. Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Affected products include: Pimcore Customer Management Framework. Version information: prior to 3.3.10..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated high severity (CVSS 7.2), this
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Rated medium severity (CVSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Rated medium se
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. Rated medium severi
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. Rat
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, perso
Same weakness CWE-257 – Storing Passwords in a Recoverable Format
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today