Lucene search

AdobeCVE-2022-35692

HistoryAug 19, 2022 - 11:15 p.m.

CVE-2022-35692

2022-08-1923:15:09

CWE-863

adobe

web.nvd.nist.gov

cve-2022-35692

adobe commerce

improper access control

security feature bypass

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user’s account detials. Exploitation of this issue does not require user interaction.

Affected configurations

Nvd

Vulners

Node

adobecommerceRange2.4.0–2.4.4

adobemagento_commerceMatch2.3.7-

adobemagento_commerceMatch2.3.7p1

adobemagento_commerceMatch2.3.7p2

adobemagento_commerceMatch2.3.7p3

adobemagento_commerceMatch2.4.3-

adobemagento_commerceMatch2.4.3p1

adobemagento_commerceMatch2.4.3p2

adobemagento_commerceMatch2.4.4-

VendorProductVersionCPE
adobecommerce*cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
adobemagento_commerce2.3.7cpe:2.3:a:adobe:magento_commerce:2.3.7:-:*:*:*:*:*:*
adobemagento_commerce2.3.7cpe:2.3:a:adobe:magento_commerce:2.3.7:p1:*:*:*:*:*:*
adobemagento_commerce2.3.7cpe:2.3:a:adobe:magento_commerce:2.3.7:p2:*:*:*:*:*:*
adobemagento_commerce2.3.7cpe:2.3:a:adobe:magento_commerce:2.3.7:p3:*:*:*:*:*:*
adobemagento_commerce2.4.3cpe:2.3:a:adobe:magento_commerce:2.4.3:-:*:*:*:*:*:*
adobemagento_commerce2.4.3cpe:2.3:a:adobe:magento_commerce:2.4.3:p1:*:*:*:*:*:*
adobemagento_commerce2.4.3cpe:2.3:a:adobe:magento_commerce:2.4.3:p2:*:*:*:*:*:*
adobemagento_commerce2.4.4cpe:2.3:a:adobe:magento_commerce:2.4.4:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	commerce	*	cpe:2.3:a:adobe:commerce::::::::
adobe	magento_commerce	2.3.7	cpe:2.3:a:adobe:magento_commerce:2.3.7:-::::::
adobe	magento_commerce	2.3.7	cpe:2.3:a:adobe:magento_commerce:2.3.7:p1::::::
adobe	magento_commerce	2.3.7	cpe:2.3:a:adobe:magento_commerce:2.3.7:p2::::::
adobe	magento_commerce	2.3.7	cpe:2.3:a:adobe:magento_commerce:2.3.7:p3::::::
adobe	magento_commerce	2.4.3	cpe:2.3:a:adobe:magento_commerce:2.4.3:-::::::
adobe	magento_commerce	2.4.3	cpe:2.3:a:adobe:magento_commerce:2.4.3:p1::::::
adobe	magento_commerce	2.4.3	cpe:2.3:a:adobe:magento_commerce:2.4.3:p2::::::
adobe	magento_commerce	2.4.4	cpe:2.3:a:adobe:magento_commerce:2.4.4:-::::::

CNA Affected

[
  {
    "product": "Magento Commerce",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2.4.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.3.7-p3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.4.3-p2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/magento/apsb22-38.html

Social References

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Related for CVE-2022-35692