CVE-2023-22250

Published: Mar 27, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: psirt@adobe.com (Secondary)

Description

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

Affected (12)

Products: Adobe: Commerce, Magento Open Source

Adobe

2 products

Commerce

Magento Open Source

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Adobe Commerce	Before 2.4.4
Adobe Commerce	Version 2.4.4
Adobe Commerce	Version 2.4.4 p1
Adobe Commerce	Version 2.4.4 p2
Adobe Commerce	Version 2.4.5
Adobe Commerce	Version 2.4.5 p1
Adobe Magento Open Source	Before 2.4.4
Adobe Magento Open Source	Version 2.4.4
Adobe Magento Open Source	Version 2.4.4 p1
Adobe Magento Open Source	Version 2.4.4 p2
Adobe Magento Open Source	Version 2.4.5
Adobe Magento Open Source	Version 2.4.5 p1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://helpx.adobe.com/security/products/magento/apsb23-17.html

Source: psirt@adobe.com

Release NotesVendor Advisory

https://helpx.adobe.com/security/products/magento/apsb23-17.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.