Lucene search

[email protected]NVD:CVE-2023-26367

HistoryOct 13, 2023 - 7:15 a.m.

CVE-2023-26367

2023-10-1307:15:39

CWE-20

[email protected]

web.nvd.nist.gov

adobe commerce

improper input validation

arbitrary file system read

admin-privilege authenticated attacker

exploitation

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

Affected configurations

Nvd

Node

adobecommerceMatch2.3.7-

adobecommerceMatch2.3.7p1

adobecommerceMatch2.3.7p2

adobecommerceMatch2.3.7p3

adobecommerceMatch2.3.7p4

adobecommerceMatch2.3.7p4-ext1

adobecommerceMatch2.3.7p4-ext2

adobecommerceMatch2.3.7p4-ext3

adobecommerceMatch2.3.7p4-ext4

adobecommerceMatch2.4.0-

adobecommerceMatch2.4.0ext-1

adobecommerceMatch2.4.0ext-2

adobecommerceMatch2.4.0ext-3

adobecommerceMatch2.4.0ext-4

adobecommerceMatch2.4.1-

adobecommerceMatch2.4.1ext-1

adobecommerceMatch2.4.1ext-2

adobecommerceMatch2.4.1ext-3

adobecommerceMatch2.4.1ext-4

adobecommerceMatch2.4.2-

adobecommerceMatch2.4.2ext-1

adobecommerceMatch2.4.2ext-2

adobecommerceMatch2.4.2ext-3

adobecommerceMatch2.4.2ext-4

adobecommerceMatch2.4.3-

adobecommerceMatch2.4.3ext-1

adobecommerceMatch2.4.3ext-2

adobecommerceMatch2.4.3ext-3

adobecommerceMatch2.4.3ext-4

adobecommerceMatch2.4.4-

adobecommerceMatch2.4.4p1

adobecommerceMatch2.4.4p2

adobecommerceMatch2.4.4p3

adobecommerceMatch2.4.4p4

adobecommerceMatch2.4.4p5

adobecommerceMatch2.4.5-

adobecommerceMatch2.4.5p1

adobecommerceMatch2.4.5p2

adobecommerceMatch2.4.5p3

adobecommerceMatch2.4.5p4

adobecommerceMatch2.4.5p5

adobecommerceMatch2.4.6-

adobecommerceMatch2.4.6p1

adobecommerceMatch2.4.6p2

adobecommerceMatch2.4.7b1

adobemagentoMatch2.4.4-open_source

adobemagentoMatch2.4.4p1open_source

adobemagentoMatch2.4.4p2open_source

adobemagentoMatch2.4.4p3open_source

adobemagentoMatch2.4.5-open_source

adobemagentoMatch2.4.5p1open_source

adobemagentoMatch2.4.5p2open_source

adobemagentoMatch2.4.5p3open_source

adobemagentoMatch2.4.5p4open_source

adobemagentoMatch2.4.6-open_source

adobemagentoMatch2.4.6p1open_source

adobemagentoMatch2.4.6p2open_source

adobemagentoMatch2.4.7b1open_source

VendorProductVersionCPE
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*
adobecommerce2.4.0cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:-::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p1::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p2::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p3::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p4::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3::::::
adobe	commerce	2.3.7	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4::::::
adobe	commerce	2.4.0	cpe:2.3:a:adobe:commerce:2.4.0:-::::::