Lucene search

AdobeCVELIST:CVE-2023-29293

HistoryJun 15, 2023 - 12:00 a.m.

CVE-2023-29293 Adobe Commerce | Improper Input Validation (CWE-20)

2023-06-1500:00:00

CWE-20

adobe

www.cve.org

adobe commerce

improper input validation

system import

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

AI Score

3.7

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Adobe Commerce",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2.4.4-p3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/magento/apsb23-35.html

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

AI Score

3.7

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

Related for CVELIST:CVE-2023-29293