CVE-2022-24086

Published: Feb 16, 2022Modified: Oct 23, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@adobe.com (Secondary)

Description

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Affected (14)

Products: Adobe: Commerce, Magento

Adobe

2 products

Commerce

Magento

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Adobe Commerce	Before 2.3.0
Adobe Commerce	From 2.3.3 to 2.3.6
Adobe Commerce	From 2.4.0 to 2.4.2
Adobe Commerce	Version 2.3.7 p1
Adobe Commerce	Version 2.3.7 p2
Adobe Commerce	Version 2.4.3
Adobe Commerce	Version 2.4.3 p1
Adobe Magento	Before 2.3.0
Adobe Magento	After 2.3.3 to 2.3.6
Adobe Magento	From 2.4.0 to 2.4.2
Adobe Magento	Version 2.3.7 p1
Adobe Magento	Version 2.3.7 p2
Adobe Magento	Version 2.4.3
Adobe Magento	Version 2.4.3 p1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

https://helpx.adobe.com/security/products/magento/apsb22-12.html

Source: psirt@adobe.com

PatchRelease NotesVendor Advisory

https://helpx.adobe.com/security/products/magento/apsb22-12.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24086

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.