Customer-data-framework CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-4145	1 Pimcore	2 Customer-data-framework, Customer Management Framework	2026-03-06	5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
CVE-2024-11956	1 Pimcore	2 Customer-data-framework, Pimcore	2025-11-04	4.7 Medium
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2023-3574	1 Pimcore	2 Customer-data-framework, Customer Management Framework	2024-11-21	6.5 Medium
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.

Page 1 of 1.