Lucene search

AdobeCVE-2023-22250

HistoryMar 27, 2023 - 9:15 p.m.

CVE-2023-22250

2023-03-2721:15:10

CWE-284

adobe

web.nvd.nist.gov

cve-2023-22250

adobe commerce

access control

security bypass

vulnerability

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

35.7%

JSON

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.

Affected configurations

Nvd

Vulners

Node

adobecommerceRange<2.4.4

adobecommerceMatch2.4.4-

adobecommerceMatch2.4.4p1

adobecommerceMatch2.4.4p2

adobecommerceMatch2.4.5-

adobecommerceMatch2.4.5p1

adobemagento_open_sourceRange<2.4.4

adobemagento_open_sourceMatch2.4.4-

adobemagento_open_sourceMatch2.4.4p1

adobemagento_open_sourceMatch2.4.4p2

adobemagento_open_sourceMatch2.4.5-

adobemagento_open_sourceMatch2.4.5p1

VendorProductVersionCPE
adobecommerce*cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
adobecommerce2.4.5cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
adobecommerce2.4.5cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
adobemagento_open_source*cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*
adobemagento_open_source2.4.4cpe:2.3:a:adobe:magento_open_source:2.4.4:-:*:*:*:*:*:*
adobemagento_open_source2.4.4cpe:2.3:a:adobe:magento_open_source:2.4.4:p1:*:*:*:*:*:*
adobemagento_open_source2.4.4cpe:2.3:a:adobe:magento_open_source:2.4.4:p2:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	commerce	*	cpe:2.3:a:adobe:commerce::::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:-::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p1::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p2::::::
adobe	commerce	2.4.5	cpe:2.3:a:adobe:commerce:2.4.5:-::::::
adobe	commerce	2.4.5	cpe:2.3:a:adobe:commerce:2.4.5:p1::::::
adobe	magento_open_source	*	cpe:2.3:a:adobe:magento_open_source::::::::
adobe	magento_open_source	2.4.4	cpe:2.3:a:adobe:magento_open_source:2.4.4:-::::::
adobe	magento_open_source	2.4.4	cpe:2.3:a:adobe:magento_open_source:2.4.4:p1::::::
adobe	magento_open_source	2.4.4	cpe:2.3:a:adobe:magento_open_source:2.4.4:p2::::::

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Magento Commerce",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.5-p1",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.4-p2",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/magento/apsb23-17.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

35.7%

JSON

Related for CVE-2023-22250