
cpe:2.3:a:pimcore:customer_management_framework:*:*:*:*:*:pimcore:*:*

part: a version: * update: *

Vendor: Pimcore (115a8b86-56a6-5ce9-b491-b05cfe687e20)
Product: Customer Management Framework (05f6e74e-d83b-5a75-9631-8de28657ab50)
Edition: *
Language: *
Software edition: *
Target software: pimcore
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/pimcore/customer-data-framework | purl2cpe | 2026-06-01 10:15:13.605476

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-21667 vulnerable 2026-06-03 14:54:50.439065 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
MEDIUM (6.5)
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated but unauthorized user can access the GDPR data extraction feature and query the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint, allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.
Published: 2024-01-11T01:05:35.979Z
Updated: 2025-06-17T21:09:16.182Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21666 vulnerable 2026-06-03 14:54:50.438599 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
MEDIUM (6.5)
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated but unauthorized user can access the list of potential duplicate users and see their data. Permissions are not enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint, allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.
Published: 2024-01-11T00:45:44.520Z
Updated: 2025-06-03T14:25:35.995Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4145 vulnerable 2026-06-03 14:53:27.380174 Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
MEDIUM (6.5)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
Published: 2023-08-03T16:04:11.248Z
Updated: 2024-10-11T18:18:22.385Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3574 vulnerable 2026-06-03 14:52:41.212920 Improper Authorization in pimcore/customer-data-framework
MEDIUM (6.3)
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.
Published: 2023-07-10T08:48:31.650Z
Updated: 2024-10-30T14:35:46.384Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32075 vulnerable 2026-06-03 14:51:57.498520 Pimcore vulnerable to Business Logic Errors in Customer automation rules
MEDIUM (4.3)
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability can produce illogical counter values in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually.
Published: 2023-05-11T16:39:37.634Z
Updated: 2025-01-24T16:38:09.717Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2881 vulnerable 2026-06-03 14:51:44.603057 Storing Passwords in a Recoverable Format in pimcore/customer-data-framework
MEDIUM (6.7)
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
Published: 2023-05-25T00:00:00.000Z
Updated: 2025-01-16T15:15:04.522Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2756 vulnerable 2026-06-03 14:51:43.830227 SQL Injection in pimcore/customer-data-framework
MEDIUM (6.5)
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
Published: 2023-05-17T00:00:00.000Z
Updated: 2025-01-22T18:08:00.855Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2629 vulnerable 2026-06-03 14:51:43.548321 Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
MEDIUM (5)
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
Published: 2023-05-10T00:00:00.000Z
Updated: 2025-01-27T19:40:22.120Z
Imported from gcve-enriched-dumps CVE data
