Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) almacenado de la que podr\u00eda ser abusado por un atacante administrador para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable."
    }
  ],
  "id": "CVE-2024-34105",
  "lastModified": "2024-11-21T09:18:06.520",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:11.340",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:12

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante administrativo podr\u00eda aprovechar esta vulnerabilidad para tener un impacto bajo en la confidencialidad, lo que podr\u00eda facilitar futuros ataques. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45133",
  "lastModified": "2024-10-11T22:12:17.887",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:07.340",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-17 15:44

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction"
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para realizar acciones con permisos que no se le han concedido. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24421",
  "lastModified": "2025-04-17T15:44:51.770",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:44.077",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 14:27

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24429",
  "lastModified": "2025-04-16T14:27:27.770",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:45.610",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:47

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim\u0027s browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) que podr\u00eda aprovecharse para ejecutar c\u00f3digo arbitrario. Si un atacante administrativo puede enga\u00f1ar a un usuario para que haga clic en un v\u00ednculo especialmente manipulado o env\u00ede un formulario, se pueden ejecutar scripts maliciosos dentro del contexto del navegador de la v\u00edctima y tener un gran impacto en la confidencialidad e integridad. Para aprovechar este problema es necesaria la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45116",
  "lastModified": "2024-10-10T21:47:27.763",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:03.930",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:39

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39413",
  "lastModified": "2024-08-14T14:39:39.737",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:27.890",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-08-12 18:15

Modified

2025-08-15 15:40

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-71.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0C95-7AF4-4A11-BE6A-4F7A96BB894C",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "50996F49-240B-4262-8B9E-7B47D845D120",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "9B29A41D-8E7B-47DB-B69A-3F84777A089C",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource\u0027s state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n TOCTOU (Tiempo de comprobaci\u00f3n y tiempo de uso), que podr\u00eda resultar en la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda explotar esta vulnerabilidad manipulando el tiempo entre la comprobaci\u00f3n del estado de un recurso y su uso, lo que permitir\u00eda acceso de escritura no autorizado. Para explotar este problema no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-49558",
  "lastModified": "2025-08-15T15:40:51.597",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:29.450",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:51

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autenticaci\u00f3n incorrecta que podr\u00eda provocar una escalada de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso no autorizado o privilegios elevados dentro de la aplicaci\u00f3n. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45115",
  "lastModified": "2024-10-10T21:51:56.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:03.127",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29291",
  "lastModified": "2024-11-21T07:56:48.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.887",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:06

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de cross site scripting (XSS) almacenado que un atacante administrativo podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en los campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable."
    }
  ],
  "id": "CVE-2024-45127",
  "lastModified": "2024-10-11T22:06:10.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:06.027",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29289",
  "lastModified": "2024-11-21T07:56:48.313",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.743",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-91"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:09

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar una escalada de privilegios. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y tener un impacto bajo en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45129",
  "lastModified": "2024-10-11T22:09:06.553",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:06.423",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-10 16:15

Modified

2025-06-23 19:25

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso de escritura limitado. Para explotar este problema no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-27206",
  "lastModified": "2025-06-23T19:25:38.097",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-10T16:15:36.273",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:33

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39417",
  "lastModified": "2024-08-14T14:33:20.707",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:28.780",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39415",
  "lastModified": "2024-08-14T14:34:26.620",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:28.327",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero se requieren privilegios de administrador."
    }
  ],
  "id": "CVE-2024-34109",
  "lastModified": "2024-11-21T09:18:07.147",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:12.820",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29295",
  "lastModified": "2024-11-21T07:56:48.960",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:11.163",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-13 23:15

Modified

2024-11-21 05:47

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb21-08.html	Release Notes, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb21-08.html	Release Notes, Vendor Advisory

Impacted products

	Vendor	Product	Version
	adobe	magento	*
	adobe	magento	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
              "matchCriteriaId": "871DB577-0B6B-4F48-9EC9-EFFDAD55DC79",
              "versionEndIncluding": "2.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "897EC3B5-0CC2-4B62-87DF-C189C9DDAF22",
              "versionStartIncluding": "2.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user\u0027s account."
    },
    {
      "lang": "es",
      "value": "Las versiones de Magento 2.4.1 (y anteriores), 2.4.0-p1 (y anteriores) y 2.3.6 (y anteriores) son vulnerables a una vulnerabilidad de objeto directo inseguro (IDOR) en el m\u00f3dulo API de cliente. Una explotaci\u00f3n exitosa podr\u00eda llevar a la divulgaci\u00f3n de informaci\u00f3n sensible y a la actualizaci\u00f3n de informaci\u00f3n arbitraria en la cuenta de otro usuario"
    }
  ],
  "id": "CVE-2021-21013",
  "lastModified": "2024-11-21T05:47:24.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-13T23:15:14.493",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-14 11:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la confidencialidad y la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45131",
  "lastModified": "2024-10-14T11:15:11.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:06.913",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-12-12 21:02

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU) que podr\u00eda provocar la omisi\u00f3n de una caracter\u00edstica de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para alterar una condici\u00f3n entre la verificaci\u00f3n y el uso de un recurso, lo que tendr\u00eda un impacto bajo en la integridad. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45120",
  "lastModified": "2024-12-12T21:02:27.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-10T10:15:04.787",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:12

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante administrador podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45135",
  "lastModified": "2024-10-11T22:12:21.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:07.757",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 07:51

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application\u0027s path boundary."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad Server-Side Request Forgery (SSRF) que podr\u00eda provocar una lectura arbitraria del sistema de archivos. Un atacante autenticado con altos privilegios puede obligar a la aplicaci\u00f3n a realizar solicitudes arbitrarias mediante la inyecci\u00f3n de URL arbitrarias. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario; el alcance cambia debido al hecho de que un atacante puede imponer la lectura de archivos fuera de los l\u00edmite de la ruta de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2023-26366",
  "lastModified": "2024-11-21T07:51:12.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:38.933",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:17

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24415",
  "lastModified": "2025-04-16T17:17:27.113",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:42.983",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-08-12 18:15

Modified

2025-08-15 15:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-71.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0C95-7AF4-4A11-BE6A-4F7A96BB894C",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "50996F49-240B-4262-8B9E-7B47D845D120",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "9B29A41D-8E7B-47DB-B69A-3F84777A089C",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una denegaci\u00f3n de servicio (DSP). Un atacante podr\u00eda explotar esta vulnerabilidad proporcionando una entrada especialmente manipulada, lo que provocar\u00eda el bloqueo o la inactividad de la aplicaci\u00f3n. Para explotar este problema, no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-49554",
  "lastModified": "2025-08-15T15:37:34.777",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:28.840",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-04-10 12:15

Modified

2025-04-16 14:53

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-18.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-18.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-6:*:*:*:*:*:*",
              "matchCriteriaId": "4FC41918-ACB1-4AE8-BFC0-CA74F02007FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-6:*:*:*:*:*:*",
              "matchCriteriaId": "9938C84D-3E58-4856-A1F7-A62ED914CB72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero la complejidad del ataque es alta."
    }
  ],
  "id": "CVE-2024-20758",
  "lastModified": "2025-04-16T14:53:40.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-10T12:15:08.567",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-10-16 13:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Request Forgery (CSRF) que podr\u00eda permitir a un atacante omitir las funciones de seguridad. y realizar acciones menores no autorizadas en nombre de un usuario. La vulnerabilidad podr\u00eda explotarse enga\u00f1ando a la v\u00edctima para que haga clic en un enlace o cargue una p\u00e1gina que env\u00ede una solicitud maliciosa. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39410",
  "lastModified": "2024-10-16T13:34:52.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-14T12:15:27.177",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:44

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user\u0027s data. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-22248",
  "lastModified": "2024-11-21T07:44:23.877",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.413",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Server-Side Request Forgery (SSRF) que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada al servidor, lo que podr\u00eda provocar que el servidor ejecute c\u00f3digo arbitrario. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34111",
  "lastModified": "2024-11-21T09:18:07.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:13.537",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-04-10 12:15

Modified

2025-02-11 15:59

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-18.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-18.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-6:*:*:*:*:*:*",
              "matchCriteriaId": "4FC41918-ACB1-4AE8-BFC0-CA74F02007FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-6:*:*:*:*:*:*",
              "matchCriteriaId": "9938C84D-3E58-4856-A1F7-A62ED914CB72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante con altos privilegios para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable. La confidencialidad y la integridad se consideran altas debido a que tienen un impacto administrativo."
    }
  ],
  "id": "CVE-2024-20759",
  "lastModified": "2025-02-11T15:59:16.957",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-10T12:15:08.893",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-08-12 18:15

Modified

2025-08-15 15:39

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-71.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0C95-7AF4-4A11-BE6A-4F7A96BB894C",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "50996F49-240B-4262-8B9E-7B47D845D120",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "9B29A41D-8E7B-47DB-B69A-3F84777A089C",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso de lectura no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y su alcance no var\u00eda."
    }
  ],
  "id": "CVE-2025-49556",
  "lastModified": "2025-08-15T15:39:58.133",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:29.147",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-14 11:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una escalada de privilegios. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y afectar la confidencialidad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45132",
  "lastModified": "2024-10-14T11:15:11.657",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:07.140",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-16 13:27

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autenticaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para obtener acceso no autorizado sin las credenciales adecuadas. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45148",
  "lastModified": "2024-10-16T13:27:46.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:07.963",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:17

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24416",
  "lastModified": "2025-04-16T17:17:20.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:43.160",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-04-08 21:15

Modified

2025-05-01 20:00

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-26.html	Patch, Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	commerce_b2b	1.5.1
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7671E11-AC9A-47CA-9FE5-C7DEEA708468",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "42A23BF0-164F-4342-ADF5-B439B902503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una escalada de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. Para explotar este problema no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-27188",
  "lastModified": "2025-05-01T20:00:44.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-08T21:15:50.393",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user\u0027s data. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29296",
  "lastModified": "2024-11-21T07:56:49.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:11.240",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-10-16 13:37

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") que podr\u00eda conducir a una lectura arbitraria del sistema de archivos. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso a archivos y directorios que se encuentran fuera del directorio restringido. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y se cambia el alcance."
    }
  ],
  "id": "CVE-2024-39406",
  "lastModified": "2024-10-16T13:37:57.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:26.243",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34107",
  "lastModified": "2024-11-21T09:18:06.823",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:12.053",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-02-25 02:15

Modified

2024-11-21 05:39

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/cardgate/magento2/issues/54	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cardgate/magento2/issues/54	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	cardgate	cardgate_payments	*
	adobe	magento	2.3.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cardgate:cardgate_payments:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD035FF-55DF-417A-99B2-8D6B574A8010",
              "versionEndIncluding": "2.0.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13054AA9-B4EF-40F2-9768-C4C00F766D40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el plugin CardGate Payments versiones hasta 2.0.30 para Magento 2. Una falta de autenticaci\u00f3n de origen en la funci\u00f3n de procesamiento de una devoluci\u00f3n de llamada IPN en el archivo Controller/Payment/Callback.php, permite a un atacante reemplazar remotamente las configuraciones de plugin criticas (ID del comerciante, clave secreta , etc.) y, por lo tanto, omitir el proceso de pago (por ejemplo, falsificar el estado de un pedido enviando manualmente una petici\u00f3n de devoluci\u00f3n de llamada IPN con una firma v\u00e1lida pero sin pago real) y/o recibir todos los pagos posteriores."
    }
  ],
  "id": "CVE-2020-8818",
  "lastModified": "2024-11-21T05:39:29.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-25T02:15:12.097",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cardgate/magento2/issues/54"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cardgate/magento2/issues/54"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero se requieren privilegios de administrador"
    }
  ],
  "id": "CVE-2024-34108",
  "lastModified": "2024-11-21T09:18:06.987",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:12.447",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:48

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) eso podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante administrador. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario y se cambia el alcance."
    }
  ],
  "id": "CVE-2024-39401",
  "lastModified": "2024-08-14T14:48:25.370",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:25.097",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-10 16:15

Modified

2025-06-23 19:22

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado, lo que conlleva un impacto limitado en la confidencialidad y un alto impacto en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-43585",
  "lastModified": "2025-06-23T19:22:41.517",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-10T16:15:40.043",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 14:21

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar una escalada de privilegios. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener privilegios elevados. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24437",
  "lastModified": "2025-04-16T14:21:51.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:46.717",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:05

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para tener un impacto m\u00ednimo en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45125",
  "lastModified": "2024-10-11T22:05:54.723",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:05.797",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-25 18:15

Modified

2025-07-24 19:20

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "5CA94A87-BA10-4D46-B46D-3DAD379CEEAA",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con privilegios elevados podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado limitado. Para explotar este problema no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-49549",
  "lastModified": "2025-07-24T19:20:37.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-25T18:15:22.163",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-02-27 21:15

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24438",
  "lastModified": "2025-02-27T21:15:41.800",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:46.893",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:48

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross Site Scripting (XSS) basada en DOM. Esta vulnerabilidad podr\u00eda permitir a un atacante administrador inyectar y ejecutar c\u00f3digo JavaScript arbitrario dentro del contexto de la sesi\u00f3n del navegador del usuario. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, como convencer a la v\u00edctima de que haga clic en un enlace malicioso. El impacto en la confidencialidad y la integridad es alto ya que afecta a otras cuentas de administrador."
    }
  ],
  "id": "CVE-2024-39400",
  "lastModified": "2024-08-14T14:48:01.763",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:24.863",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-17 16:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido (\"Path Traversal\") que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para modificar archivos que se almacenan fuera del directorio restringido. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24406",
  "lastModified": "2025-04-17T16:09:35.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:41.300",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un gran impacto en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45118",
  "lastModified": "2024-10-10T21:47:00.927",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:04.357",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una neutralizaci\u00f3n inadecuada de funciones especiales. Elementos utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante autenticado con privilegios de administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y la complejidad del ataque es alta, ya que requiere conocimiento de herramientas m\u00e1s all\u00e1 del simple uso de la interfaz de usuario."
    }
  ],
  "id": "CVE-2023-38221",
  "lastModified": "2024-11-21T08:13:07.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:40.777",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-10 16:15

Modified

2025-06-23 19:22

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar una escalada de privilegios. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso elevado no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-43586",
  "lastModified": "2025-06-23T19:22:26.633",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-10T16:15:40.207",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:47

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos que podr\u00eda provocar una omisi\u00f3n de la caracter\u00edstica de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para realizar ataques de fuerza bruta y potencialmente obtener acceso no autorizado a cuentas. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero la complejidad del ataque es alta."
    }
  ],
  "id": "CVE-2024-39398",
  "lastModified": "2024-08-14T14:47:10.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:24.377",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una neutralizaci\u00f3n inadecuada de funciones especiales. Elementos utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante autenticado con privilegios de administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y la complejidad del ataque es alta, ya que requiere conocimiento de herramientas m\u00e1s all\u00e1 del simple uso de la interfaz de usuario."
    }
  ],
  "id": "CVE-2023-38249",
  "lastModified": "2024-11-21T08:13:10.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:41.037",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad de Consumo de Recursos Incontrolados eso podr\u00eda provocar una Denegaci\u00f3n de Servicio (DoS) menor en una aplicaci\u00f3n. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2023-38251",
  "lastModified": "2024-11-21T08:13:11.070",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:41.577",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 07:51

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta eso podr\u00eda llevar a que un atacante autenticado con privilegios de administrador lea el sistema de archivos arbitrario. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2023-26367",
  "lastModified": "2024-11-21T07:51:12.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:39.767",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-08-12 18:15

Modified

2025-08-15 15:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-71.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0C95-7AF4-4A11-BE6A-4F7A96BB894C",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "9B29A41D-8E7B-47DB-B69A-3F84777A089C",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "50996F49-240B-4262-8B9E-7B47D845D120",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\u00abPath Traversal\u00bb), que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para modificar datos limitados. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-49559",
  "lastModified": "2025-08-15T15:40:55.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:29.600",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.."
    }
  ],
  "id": "CVE-2023-29287",
  "lastModified": "2024-11-21T07:56:48.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.603",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-12-12 21:05

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Server-Side Request Forgery (SSRF) que podr\u00eda provocar la lectura arbitraria del sistema de archivos. Un atacante autenticado con pocos privilegios puede obligar a la aplicaci\u00f3n a realizar solicitudes arbitrarias mediante la inyecci\u00f3n de URL arbitrarias y tener un impacto bajo tanto en la confidencialidad como en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y se modifica el alcance."
    }
  ],
  "id": "CVE-2024-45119",
  "lastModified": "2024-12-12T21:05:17.993",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-10T10:15:04.563",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 14:22

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una escalada de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24434",
  "lastModified": "2025-04-16T14:22:46.843",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:46.157",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:17

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24413",
  "lastModified": "2025-04-16T17:17:53.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:42.623",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:47

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") que podr\u00eda conducir a una lectura arbitraria del sistema de archivos. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para obtener acceso a archivos y directorios que se encuentran fuera del directorio restringido. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y se cambia el alcance."
    }
  ],
  "id": "CVE-2024-39399",
  "lastModified": "2024-08-14T14:47:39.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:24.607",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:18

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24411",
  "lastModified": "2025-04-16T17:18:03.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:42.243",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-10-16 13:33

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39412",
  "lastModified": "2024-10-16T13:33:27.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:27.650",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-11-12 17:15

Modified

2024-11-18 18:44

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-90.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	adobe	commerce	*
	adobe	magento	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2731236-D6E0-497F-8057-4F35A51E174C",
              "versionEndExcluding": "3.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "4D88B043-948D-4D45-9B6E-A29FC028C200",
              "versionEndExcluding": "3.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 3.2.5 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Server-Side Request Forgery (SSRF) que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para enviar solicitudes manipuladas a medida desde el servidor vulnerable a sistemas internos, lo que podr\u00eda provocar la omisi\u00f3n de medidas de seguridad como los firewalls. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-49521",
  "lastModified": "2024-11-18T18:44:32.113",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-12T17:15:08.783",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-90.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:45

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross Site Scripting (XSS) almacenada de la que podr\u00eda abusar una persona con pocos privilegios. atacante para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable. El impacto en la confidencialidad es alto debido a que el atacante puede filtrar informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2024-39403",
  "lastModified": "2024-08-14T14:45:31.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.7,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:25.540",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-02-27 21:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar una escalada de privilegios. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado para modificar campos limitados. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24435",
  "lastModified": "2025-02-27T21:15:41.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:46.347",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39416",
  "lastModified": "2024-08-14T14:34:23.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:28.560",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:45

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) eso podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante administrador. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario y se cambia el alcance."
    }
  ],
  "id": "CVE-2024-39402",
  "lastModified": "2024-08-14T14:45:28.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:25.317",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:25

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y modificar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39419",
  "lastModified": "2024-08-14T14:25:31.337",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:29.283",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada de la que un atacante con pocos privilegios podr\u00eda abusar para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable. El payload se almacena en un \u00e1rea de administraci\u00f3n, lo que genera un alto impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2023-38219",
  "lastModified": "2024-11-21T08:13:06.720",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:40.327",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:47

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una lectura arbitraria del sistema de archivos. Un atacante administrador podr\u00eda aprovechar esta vulnerabilidad para leer archivos del sistema fuera de los directorios previstos a trav\u00e9s de la cadena de filtros PHP y tambi\u00e9n puede tener un impacto de baja disponibilidad en el servicio. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y se modifica el alcance."
    }
  ],
  "id": "CVE-2024-45117",
  "lastModified": "2024-10-10T21:47:11.257",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.7,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:04.150",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:40

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39411",
  "lastModified": "2024-08-14T14:40:55.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:27.407",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:44

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y modificar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39404",
  "lastModified": "2024-08-14T14:44:35.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:25.760",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-25 18:15

Modified

2025-07-24 19:20

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "5CA94A87-BA10-4D46-B46D-3DAD379CEEAA",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado limitado. Para explotar este problema se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-49550",
  "lastModified": "2025-07-24T19:20:44.147",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-25T18:15:22.323",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29297",
  "lastModified": "2024-11-21T07:56:49.170",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:11.310",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1336"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado, lo que tendr\u00eda un impacto tanto en la confidencialidad como en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34104",
  "lastModified": "2024-11-21T09:18:06.377",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:11.017",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-08-12 18:15

Modified

2025-08-15 15:40

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-71.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0C95-7AF4-4A11-BE6A-4F7A96BB894C",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "50996F49-240B-4262-8B9E-7B47D845D120",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "9B29A41D-8E7B-47DB-B69A-3F84777A089C",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda explotar para inyectar scripts maliciosos en campos de formulario vulnerables. Estos scripts pueden utilizarse para escalar privilegios dentro de la aplicaci\u00f3n o comprometer datos confidenciales del usuario. Para explotar este problema, la v\u00edctima debe acceder a la p\u00e1gina que contiene el campo vulnerable. Se ha modificado el alcance."
    }
  ],
  "id": "CVE-2025-49557",
  "lastModified": "2025-08-15T15:40:43.247",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:29.300",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:42

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y modificar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39407",
  "lastModified": "2024-08-14T14:42:50.467",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:26.483",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29290",
  "lastModified": "2024-11-21T07:56:48.423",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.817",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-353"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-04-08 21:15

Modified

2025-05-20 14:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-26.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.1
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "C7F81CCF-0105-465B-90A3-047A57ED4B81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "42A23BF0-164F-4342-ADF5-B439B902503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de funciones de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. Para explotar este problema no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-27191",
  "lastModified": "2025-05-20T14:30:41.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-08T21:15:50.883",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-10 16:15

Modified

2025-07-15 18:40

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de cross site scripting (XSS) almacenado que un atacante con privilegios elevados podr\u00eda aprovechar para inyectar scripts maliciosos en campos de formulario vulnerables. Es posible que se ejecute JavaScript malicioso en el navegador de la v\u00edctima al acceder a la p\u00e1gina que contiene el campo vulnerable."
    }
  ],
  "id": "CVE-2025-47110",
  "lastModified": "2025-07-15T18:40:20.800",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-10T16:15:41.210",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:39

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y revelar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39414",
  "lastModified": "2024-08-14T14:39:26.427",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:28.107",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:32

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y ver y editar informaci\u00f3n de baja sensibilidad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39418",
  "lastModified": "2024-08-14T14:32:59.893",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:29.010",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-10-16 13:35

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Request Forgery (CSRF) que podr\u00eda permitir a un atacante omitir las funciones de seguridad. y realizar acciones menores no autorizadas en nombre de un usuario. La vulnerabilidad podr\u00eda explotarse enga\u00f1ando a la v\u00edctima para que haga clic en un enlace o cargue una p\u00e1gina que env\u00ede una solicitud maliciosa. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39409",
  "lastModified": "2024-10-16T13:35:32.290",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:26.937",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:35

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la confidencialidad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45122",
  "lastModified": "2024-10-10T21:35:53.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:05.200",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:17

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24412",
  "lastModified": "2025-04-16T17:17:56.930",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:42.433",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una neutralizaci\u00f3n inadecuada de funciones especiales. Elementos utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante autenticado con privilegios de administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y la complejidad del ataque es alta, ya que requiere conocimiento de herramientas m\u00e1s all\u00e1 del simple uso de la interfaz de usuario."
    }
  ],
  "id": "CVE-2023-38250",
  "lastModified": "2024-11-21T08:13:10.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:41.420",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-14 11:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la integridad y la disponibilidad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45128",
  "lastModified": "2024-10-14T11:15:10.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:06.230",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-08-12 18:15

Modified

2025-08-15 15:39

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-71.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	magento	*
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0C95-7AF4-4A11-BE6A-4F7A96BB894C",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "50996F49-240B-4262-8B9E-7B47D845D120",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "9B29A41D-8E7B-47DB-B69A-3F84777A089C",
              "versionEndExcluding": "2.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Request Forgery (CSRF) que podr\u00eda provocar una escalada de privilegios. Un atacante con privilegios elevados podr\u00eda enga\u00f1ar a la v\u00edctima para que realice acciones no deseadas en una aplicaci\u00f3n web donde est\u00e9 autenticada, lo que podr\u00eda permitir el acceso no autorizado o la modificaci\u00f3n de datos confidenciales. Para explotar este problema, es necesario que la v\u00edctima visite un sitio web malicioso o haga clic en un enlace manipulado. Se ha modificado el alcance."
    }
  ],
  "id": "CVE-2025-49555",
  "lastModified": "2025-08-15T15:39:48.550",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:29.000",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user\u0027s minor feature. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29293",
  "lastModified": "2024-11-21T07:56:48.747",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:11.020",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una elusi\u00f3n de una caracter\u00edstica de seguridad de manera que un atacante pudiera acceder a datos no autorizados. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2023-38220",
  "lastModified": "2024-11-21T08:13:06.863",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:40.557",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29294",
  "lastModified": "2024-11-21T07:56:48.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:11.090",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-840"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una caracter\u00edstica de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso no autorizado o realizar acciones con los privilegios de otro usuario. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34106",
  "lastModified": "2024-11-21T09:18:06.667",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:11.697",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 14:25

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU) que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta condici\u00f3n de ejecuci\u00f3n para modificar una condici\u00f3n despu\u00e9s de que se haya verificado pero antes de que se utilice, lo que podr\u00eda eludir los mecanismos de seguridad. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24432",
  "lastModified": "2025-04-16T14:25:43.053",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:45.960",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-12-12 21:07

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la confidencialidad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45149",
  "lastModified": "2024-12-12T21:07:55.907",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:08.170",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:17

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24417",
  "lastModified": "2025-04-16T17:17:10.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:43.347",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user\u0027s data. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29288",
  "lastModified": "2024-11-21T07:56:48.197",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.673",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autenticaci\u00f3n incorrecta que podr\u00eda provocar una escalada de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso no autorizado o privilegios elevados dentro de la aplicaci\u00f3n. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero la complejidad del ataque es alta."
    }
  ],
  "id": "CVE-2024-34103",
  "lastModified": "2024-11-21T09:18:06.227",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:10.720",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:05

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45124",
  "lastModified": "2024-10-11T22:05:43.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:05.607",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-03-05 18:32

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application\u0027s operations causing limited data modification. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de error de l\u00f3gica empresarial que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir los mecanismos de seguridad previstos manipulando la l\u00f3gica de las operaciones de la aplicaci\u00f3n y provocando una modificaci\u00f3n limitada de los datos. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24425",
  "lastModified": "2025-03-05T18:32:12.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:44.857",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-840"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-21 09:18

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de carga sin restricciones de archivos con tipo peligroso que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante con altos privilegios podr\u00eda aprovechar esta vulnerabilidad cargando un archivo malicioso en el sistema, que luego podr\u00eda ejecutarse. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34110",
  "lastModified": "2024-11-21T09:18:07.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-13T09:15:13.137",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-03-05 17:43

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n que podr\u00eda provocar una escalada de privilegios. Un atacante con pocos privilegios podr\u00eda obtener acceso no autorizado a informaci\u00f3n confidencial. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24408",
  "lastModified": "2025-03-05T17:43:13.783",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:41.677",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:34

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS). Si un atacante logra convencer a una v\u00edctima de que visite una URL que haga referencia a una p\u00e1gina vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
    }
  ],
  "id": "CVE-2024-45123",
  "lastModified": "2024-10-10T21:34:32.123",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:05.400",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:46

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed."
    },
    {
      "lang": "es",
      "value": " Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de carga sin restricciones de archivos con tipo peligroso que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante. . Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando un archivo malicioso que luego podr\u00e1 ejecutarse en el servidor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero la complejidad del ataque es alta y el alcance cambia."
    }
  ],
  "id": "CVE-2024-39397",
  "lastModified": "2024-08-14T14:46:52.150",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:24.123",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 14:25

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU) que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta condici\u00f3n de ejecuci\u00f3n para modificar una condici\u00f3n despu\u00e9s de que se haya verificado pero antes de que se utilice, lo que podr\u00eda eludir los mecanismos de seguridad. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24430",
  "lastModified": "2025-04-16T14:25:10.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:45.787",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-15 19:15

Modified

2024-11-21 07:56

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2023-29292",
  "lastModified": "2024-11-21T07:56:48.640",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-15T19:15:10.957",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-17 15:44

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24427",
  "lastModified": "2025-04-17T15:44:59.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:45.223",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 14:53

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar una escalada de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24436",
  "lastModified": "2025-04-16T14:53:10.643",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:46.537",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:17

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24414",
  "lastModified": "2025-04-16T17:17:47.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:42.803",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-10 21:37

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45121",
  "lastModified": "2024-10-10T21:37:08.743",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:04.997",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-04-08 21:15

Modified

2025-06-23 19:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-26.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.1
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "C7F81CCF-0105-465B-90A3-047A57ED4B81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "42A23BF0-164F-4342-ADF5-B439B902503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de funciones de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. Para explotar este problema no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-27190",
  "lastModified": "2025-06-23T19:30:03.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-08T21:15:50.727",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:15

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar c\u00f3digo JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable. Un atacante con \u00e9xito puede aprovechar esto para lograr la toma de control de la sesi\u00f3n, lo que aumenta el impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2025-24410",
  "lastModified": "2025-04-16T17:15:50.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:42.057",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-04-16 17:18

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11  and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado, lo que afectar\u00eda tanto a la confidencialidad como a la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-24409",
  "lastModified": "2025-04-16T17:18:10.117",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:41.860",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-06-13 09:15

Modified

2024-11-29 15:33

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

References

URL	Tags
psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
psirt@adobe.com	https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102	Exploit, Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "cisaActionDue": "2024-08-07",
  "cisaExploitAdd": "2024-07-17",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-7:*:*:*:*:*:*",
              "matchCriteriaId": "F4F3CDEB-7BEE-44F7-A927-DCA209429D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-7:*:*:*:*:*:*",
              "matchCriteriaId": "FFCF3470-0C38-4F54-9BFF-B5819805AECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC901F8-73E4-4B13-9855-D7B157D37EA3",
              "versionEndExcluding": "1.5.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de restricci\u00f3n inadecuada de referencia de entidad externa XML (\"XXE\") que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un documento XML manipulado que haga referencia a entidades externas. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34102",
  "lastModified": "2024-11-29T15:33:14.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-13T09:15:10.380",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-03-03 15:51

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-08.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.0
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "8D484416-4968-408A-861A-9130CEBEF37E",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en los campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable."
    }
  ],
  "id": "CVE-2025-24428",
  "lastModified": "2025-03-03T15:51:40.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:45.423",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:12

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante administrativo podr\u00eda aprovechar esta vulnerabilidad para tener un impacto bajo en la confidencialidad, lo que podr\u00eda facilitar futuros ataques. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45134",
  "lastModified": "2024-10-11T22:12:19.693",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:07.540",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-10 10:15

Modified

2024-10-11 22:08

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-73.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	-
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	magento	-
adobe	magento	2.4.3
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2534F3CE-1387-46FC-B6AF-0D3379B38B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "319BD62E-B745-41C0-8F31-A807B6067A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B82CF0-829C-4CC4-B5FD-BD783B0C13BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB93DC1-7F58-435F-A54D-3E0C9C6AD811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:-:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "B57D1E23-3174-43D5-B6C6-C871654881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.3:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "1A4D7A6E-D4E3-43D2-AC4C-C26AE4EE365C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y tener un impacto bajo en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-45130",
  "lastModified": "2024-10-11T22:08:57.837",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-10T10:15:06.700",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-04-08 21:15

Modified

2025-05-20 14:03

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-26.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce_b2b	*
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.1
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "C7F81CCF-0105-465B-90A3-047A57ED4B81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3E475D-DFAD-4AF4-BA4F-7593755FCE70",
              "versionEndExcluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "42A23BF0-164F-4342-ADF5-B439B902503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Credenciales Insuficientemente Protegidas que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con privilegios elevados podr\u00eda explotar esta vulnerabilidad para obtener acceso no autorizado a recursos protegidos mediante la obtenci\u00f3n de informaci\u00f3n confidencial de credenciales. Para explotar este problema, no se requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2025-27192",
  "lastModified": "2025-05-20T14:03:00.747",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-08T21:15:51.040",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-13 07:15

Modified

2024-11-21 08:13

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb23-50.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una Autorizaci\u00f3n Incorrecta. Un atacante autenticado puede aprovechar esto para lograr exposici\u00f3n de informaci\u00f3n y escalada de privilegios."
    }
  ],
  "id": "CVE-2023-38218",
  "lastModified": "2024-11-21T08:13:06.583",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:40.047",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-10-16 13:36

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Request Forgery (CSRF) que podr\u00eda permitir a un atacante omitir las funciones de seguridad. y realizar acciones menores no autorizadas en nombre de un usuario. La vulnerabilidad podr\u00eda explotarse enga\u00f1ando a la v\u00edctima para que haga clic en un enlace o cargue una p\u00e1gina que env\u00ede una solicitud maliciosa. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39408",
  "lastModified": "2024-10-16T13:36:13.497",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:26.703",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-08-14 12:15

Modified

2024-08-14 14:44

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

▶	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-61.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	*
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	magento	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD55BE5-59AF-4C75-9187-A90F23262716",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "11A61231-5593-481E-A28C-A68BC6EEC49A",
              "versionEndIncluding": "2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y modificar informaci\u00f3n menor. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-39405",
  "lastModified": "2024-08-14T14:44:17.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T12:15:26.013",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-47110 (GCVE-0-2025-47110)

Vulnerability from cvelistv5

Published

2025-06-10 16:08

Modified

2025-07-14 20:49

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47110",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T18:09:25.345136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T18:09:31.686Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-14T20:49:56.693Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-47110",
    "datePublished": "2025-06-10T16:08:55.695Z",
    "dateReserved": "2025-04-30T20:47:55.001Z",
    "dateUpdated": "2025-07-14T20:49:56.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3717 (GCVE-0-2020-3717)

Vulnerability from cvelistv5

Published

2020-01-29 18:51

Modified

2024-08-04 07:44

Severity ?

CWE

Path traversal

Summary

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-02.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.3 and earlier Version: 2.2.10 and earlier Version: 1.14.4.3 and earlier Version: 1.9.4.3 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:50.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 and earlier"
            },
            {
              "status": "affected",
              "version": "2.2.10 and earlier"
            },
            {
              "status": "affected",
              "version": "1.14.4.3 and earlier"
            },
            {
              "status": "affected",
              "version": "1.9.4.3 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path traversal    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-29T18:51:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-3717",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 and earlier"
                          },
                          {
                            "version_value": "2.2.10 and earlier"
                          },
                          {
                            "version_value": "1.14.4.3 and earlier"
                          },
                          {
                            "version_value": "1.9.4.3 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path traversal    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-3717",
    "datePublished": "2020-01-29T18:51:01",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:44:50.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9632 (GCVE-0-2020-9632)

Vulnerability from cvelistv5

Published

2020-06-26 20:20

Modified

2024-08-04 10:34

Severity ?

CWE

Security mitigation bypass

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security mitigation bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:20:08",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9632",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security mitigation bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9632",
    "datePublished": "2020-06-26T20:20:08",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29288 (GCVE-0-2023-29288)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:57

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:27.663731Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:57:14.241Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user\u0027s data. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:11:32.577Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29288",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:57:14.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9576 (GCVE-0-2020-9576)

Vulnerability from cvelistv5

Published

2020-06-26 20:21

Modified

2024-08-04 10:34

Severity ?

CWE

Command injection

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:21:17",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9576",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9576",
    "datePublished": "2020-06-26T20:21:17",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29287 (GCVE-0-2023-29287)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:57

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Information Exposure ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:16.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:39:07.048614Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:57:21.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Exposure (CWE-200)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce Information Exposure Security feature bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29287",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:57:21.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38251 (GCVE-0-2023-38251)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-400 - Uncontrolled Resource Consumption ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:39:12.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:04.728004Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:40:46.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "LOW",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:10:29.775Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38251",
    "datePublished": "2023-10-13T06:15:20.637Z",
    "dateReserved": "2023-07-13T16:21:52.618Z",
    "dateUpdated": "2025-02-27T20:40:46.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22248 (GCVE-0-2023-22248)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:57

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:05.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22248",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:39:10.252478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:57:27.062Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user\u0027s data. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce Incorrect Authorization Security feature bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-22248",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2022-12-19T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:57:27.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49554 (GCVE-0-2025-49554)

Vulnerability from cvelistv5

Published

2025-08-12 17:55

Modified

2025-08-13 20:14

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-71.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49554",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T14:18:27.809062Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:14:23.568Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T17:55:07.283Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49554",
    "datePublished": "2025-08-12T17:55:07.283Z",
    "dateReserved": "2025-06-06T15:42:09.517Z",
    "dateUpdated": "2025-08-13T20:14:23.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49559 (GCVE-0-2025-49559)

Vulnerability from cvelistv5

Published

2025-08-12 17:55

Modified

2025-08-13 20:14

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ()

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-71.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49559",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:04:14.610966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:14:29.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T17:55:06.460Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49559",
    "datePublished": "2025-08-12T17:55:06.460Z",
    "dateReserved": "2025-06-06T15:42:09.518Z",
    "dateUpdated": "2025-08-13T20:14:29.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8235 (GCVE-0-2019-8235)

Vulnerability from cvelistv5

Published

2019-10-29 23:05

Modified

2024-08-04 21:17

Severity ?

CWE

Insecure Direct Object Reference (IDOR)

Summary

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.

References

►

URL

Tags

https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3 prior to 2.3.1 Version: 2.2 prior to 2.2.8 Version: 2.1 prior to 2.1.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:29.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3 prior to 2.3.1"
            },
            {
              "status": "affected",
              "version": "2.2 prior to 2.2.8"
            },
            {
              "status": "affected",
              "version": "2.1 prior to 2.1.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Direct Object Reference (IDOR)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T23:05:56",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2019-8235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3 prior to 2.3.1"
                          },
                          {
                            "version_value": "2.2 prior to 2.2.8"
                          },
                          {
                            "version_value": "2.1 prior to 2.1.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Direct Object Reference (IDOR)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update",
              "refsource": "CONFIRM",
              "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2019-8235",
    "datePublished": "2019-10-29T23:05:56",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:29.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9692 (GCVE-0-2020-9692)

Vulnerability from cvelistv5

Published

2020-07-29 12:20

Modified

2024-08-04 10:34

Severity ?

CWE

Security Mitigation bypass

Summary

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-47.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Mitigation bypass ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T12:20:48",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Mitigation bypass "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9692",
    "datePublished": "2020-07-29T12:20:48",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3758 (GCVE-0-2020-3758)

Vulnerability from cvelistv5

Published

2020-01-29 18:52

Modified

2024-08-04 07:44

Severity ?

CWE

Stored cross-site scripting

Summary

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-02.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.3 and earlier Version: 2.2.10 and earlier Version: 1.14.4.3 and earlier Version: 1.9.4.3 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:50.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 and earlier"
            },
            {
              "status": "affected",
              "version": "2.2.10 and earlier"
            },
            {
              "status": "affected",
              "version": "1.14.4.3 and earlier"
            },
            {
              "status": "affected",
              "version": "1.9.4.3 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored cross-site scripting    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-29T18:52:39",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-3758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 and earlier"
                          },
                          {
                            "version_value": "2.2.10 and earlier"
                          },
                          {
                            "version_value": "1.14.4.3 and earlier"
                          },
                          {
                            "version_value": "1.9.4.3 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-3758",
    "datePublished": "2020-01-29T18:52:39",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:44:50.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9581 (GCVE-0-2020-9581)

Vulnerability from cvelistv5

Published

2020-06-26 20:19

Modified

2024-08-04 10:34

Severity ?

CWE

Stored cross-site scripting

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:19:41",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9581",
    "datePublished": "2020-06-26T20:19:41",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24412 (GCVE-0-2025-24412)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:40.614Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:13.659Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24412",
    "datePublished": "2025-02-11T17:37:36.216Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-02-27T20:38:13.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45121 (GCVE-0-2024-45121)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 14:24

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:55:50.598240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:24:07.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:02.296Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45121",
    "datePublished": "2024-10-10T09:58:02.296Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-10-10T14:24:07.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24438 (GCVE-0-2025-24438)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24438",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:42.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:06.588Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24438",
    "datePublished": "2025-02-11T17:37:42.877Z",
    "dateReserved": "2025-01-21T17:00:45.703Z",
    "dateUpdated": "2025-02-27T20:38:06.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9579 (GCVE-0-2020-9579)

Vulnerability from cvelistv5

Published

2020-06-26 20:18

Modified

2024-08-04 10:34

Severity ?

CWE

Security mitigation bypass

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security mitigation bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:18:51",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9579",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security mitigation bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9579",
    "datePublished": "2020-06-26T20:18:51",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9578 (GCVE-0-2020-9578)

Vulnerability from cvelistv5

Published

2020-06-26 20:20

Modified

2024-08-04 10:34

Severity ?

CWE

Command injection

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:20:45",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9578",
    "datePublished": "2020-06-26T20:20:45",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39415 (GCVE-0-2024-39415)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39415",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:13:06.363711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:15:32.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:06.435Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "An unauthorized user can export the Tax Sales Report"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39415",
    "datePublished": "2024-08-14T11:57:06.435Z",
    "dateReserved": "2024-06-24T20:32:06.594Z",
    "dateUpdated": "2024-08-14T14:15:32.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39419 (GCVE-0-2024-39419)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:12

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39419",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:08:00.420281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:12:33.337Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:22.405Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A user without ship permissions can ship the orders"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39419",
    "datePublished": "2024-08-14T11:57:22.405Z",
    "dateReserved": "2024-06-24T20:32:06.595Z",
    "dateUpdated": "2024-08-14T14:12:33.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27192 (GCVE-0-2025-27192)

Vulnerability from cvelistv5

Published

2025-04-08 20:17

Modified

2025-04-08 21:01

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-522 - Insufficiently Protected Credentials ()

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-26.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:53:23.099949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T21:01:36.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "Insufficiently Protected Credentials (CWE-522)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T20:17:10.679Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Insufficiently Protected Credentials (CWE-522)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-27192",
    "datePublished": "2025-04-08T20:17:10.679Z",
    "dateReserved": "2025-02-19T22:28:19.021Z",
    "dateUpdated": "2025-04-08T21:01:36.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39399 (GCVE-0-2024-39399)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:13

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:09:03.657152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:07.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:19.382Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "[Paris] Path Traversal lead to local file read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39399",
    "datePublished": "2024-08-14T11:57:19.382Z",
    "dateReserved": "2024-06-24T20:32:06.590Z",
    "dateUpdated": "2024-08-14T14:13:07.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9587 (GCVE-0-2020-9587)

Vulnerability from cvelistv5

Published

2020-06-26 20:19

Modified

2024-08-04 10:34

Severity ?

CWE

Authorization bypass

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authorization bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:19:07",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authorization bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9587",
    "datePublished": "2020-06-26T20:19:07",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9584 (GCVE-0-2020-9584)

Vulnerability from cvelistv5

Published

2020-06-26 20:18

Modified

2024-08-04 10:34

Severity ?

CWE

Stored cross-site scripting

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:18:59",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9584",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9584",
    "datePublished": "2020-06-26T20:18:59",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29292 (GCVE-0-2023-29292)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF) ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:44.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:16.848558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:48.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Server Side Request Forgery (SSRF) in FedEx carrier integration configuration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29292",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:48.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39414 (GCVE-0-2024-39414)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:14

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:11:42.460572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:39.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:10.986Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Being able to import/export tax rates without proper privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39414",
    "datePublished": "2024-08-14T11:57:10.986Z",
    "dateReserved": "2024-06-24T20:32:06.594Z",
    "dateUpdated": "2024-08-14T14:14:39.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9582 (GCVE-0-2020-9582)

Vulnerability from cvelistv5

Published

2020-06-26 20:19

Modified

2024-08-04 10:34

Severity ?

CWE

Command injection

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:19:28",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9582",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9582",
    "datePublished": "2020-06-26T20:19:28",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45127 (GCVE-0-2024-45127)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 13:56

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:55:55.095502Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:56:06.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.8,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 4.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:06.189Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45127",
    "datePublished": "2024-10-10T09:58:06.189Z",
    "dateReserved": "2024-08-21T23:00:59.344Z",
    "dateUpdated": "2024-10-10T13:56:06.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24408 (GCVE-0-2025-24408)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Information Exposure ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24408",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:49:13.125828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:57:56.909Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Exposure (CWE-200)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:10.912Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Information Exposure (CWE-200)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24408",
    "datePublished": "2025-02-11T17:37:32.198Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-02-27T20:38:10.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29296 (GCVE-0-2023-29296)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:44.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:03.689164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:22.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.5-p1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user\u0027s data. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "[Cloud] Customer suspects IDOR vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29296",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:22.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39413 (GCVE-0-2024-39413)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:13

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39413",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:08:47.722884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:00.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:20.153Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "An unauthorized user can export the Invoiced Sales Report"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39413",
    "datePublished": "2024-08-14T11:57:20.153Z",
    "dateReserved": "2024-06-24T20:32:06.594Z",
    "dateUpdated": "2024-08-14T14:13:00.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39398 (GCVE-0-2024-39398)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:13

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-307 - Improper Restriction of Excessive Authentication Attempts ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:10:17.592608Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:54.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.4,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper Restriction of Excessive Authentication Attempts (CWE-307)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:15.614Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "OTP 2FA can be bruteforced"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39398",
    "datePublished": "2024-08-14T11:57:15.614Z",
    "dateReserved": "2024-06-24T20:32:06.590Z",
    "dateUpdated": "2024-08-14T14:13:54.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9665 (GCVE-0-2020-9665)

Vulnerability from cvelistv5

Published

2020-07-22 19:23

Modified

2024-08-04 10:34

Severity ?

CWE

Stored cross-site scripting

Summary

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-41.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 1.14.4.5 and earlier, and 1.9.4.5 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "1.14.4.5 and earlier, and 1.9.4.5 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T19:23:12",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.14.4.5 and earlier, and 1.9.4.5 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-41.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9665",
    "datePublished": "2020-07-22T19:23:12",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49556 (GCVE-0-2025-49556)

Vulnerability from cvelistv5

Published

2025-08-12 17:55

Modified

2025-08-13 20:14

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-71.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T14:18:25.585470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:14:11.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T17:55:11.081Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49556",
    "datePublished": "2025-08-12T17:55:11.081Z",
    "dateReserved": "2025-06-06T15:42:09.517Z",
    "dateUpdated": "2025-08-13T20:14:11.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45135 (GCVE-0-2024-45135)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:00

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:00:24.393148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:00:45.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:57.455Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45135",
    "datePublished": "2024-10-10T09:57:57.455Z",
    "dateReserved": "2024-08-21T23:00:59.348Z",
    "dateUpdated": "2024-10-10T14:00:45.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9585 (GCVE-0-2020-9585)

Vulnerability from cvelistv5

Published

2020-06-26 20:18

Modified

2024-08-04 10:34

Severity ?

CWE

Defense-in-depth security mitigation

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Defense-in-depth security mitigation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:18:44",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9585",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Defense-in-depth security mitigation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9585",
    "datePublished": "2020-06-26T20:18:44",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24411 (GCVE-0-2025-24411)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-15 16:32

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24411",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:39.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T16:32:22.217Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24411",
    "datePublished": "2025-02-11T17:37:51.772Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-04-15T16:32:22.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39411 (GCVE-0-2024-39411)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:07

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39411",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:11:14.028207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:24.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:07:07.544Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39411",
    "datePublished": "2024-08-14T11:57:12.517Z",
    "dateReserved": "2024-06-24T20:32:06.593Z",
    "dateUpdated": "2024-09-17T11:07:07.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21013 (GCVE-0-2021-21013)

Vulnerability from cvelistv5

Published

2021-01-13 22:35

Modified

2024-09-17 02:28

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb21-08.html

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:23.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.0-p1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user\u0027s account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-28T12:41:38",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
          "ID": "CVE-2021-21013",
          "STATE": "PUBLIC",
          "TITLE": "Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento Commerce",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.4.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.4.0-p1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.3.6"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user\u0027s account."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Authorization (CWE-863)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2021-21013",
    "datePublished": "2021-01-13T22:35:54.370195Z",
    "dateReserved": "2020-12-18T00:00:00",
    "dateUpdated": "2024-09-17T02:28:00.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29297 (GCVE-0-2023-29297)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:44.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:37:01.455961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:15.812Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "Improper Neutralization of Special Elements Used in a Template Engine(CWE-1336)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Admin-to-admin stored XSS via cache poisoning"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29297",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:15.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39402 (GCVE-0-2024-39402)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:05

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39402",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:12:09.555224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:57.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:05:39.188Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39402",
    "datePublished": "2024-08-14T11:57:09.458Z",
    "dateReserved": "2024-06-24T20:32:06.590Z",
    "dateUpdated": "2024-09-17T11:05:39.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45122 (GCVE-0-2024-45122)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:00

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:59:49.561888Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:00:07.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:58.231Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45122",
    "datePublished": "2024-10-10T09:57:58.231Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-10-10T14:00:07.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24436 (GCVE-0-2025-24436)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-15 16:20

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:48:53.266610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:55:42.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T16:20:05.482Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24436",
    "datePublished": "2025-02-11T17:37:44.529Z",
    "dateReserved": "2025-01-21T17:00:45.703Z",
    "dateUpdated": "2025-04-15T16:20:05.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39403 (GCVE-0-2024-39403)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:12

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:08:14.521051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:12:45.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.6,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 7.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:21.660Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stored XSS through Webhook module public key configuration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39403",
    "datePublished": "2024-08-14T11:57:21.660Z",
    "dateReserved": "2024-06-24T20:32:06.591Z",
    "dateUpdated": "2024-08-14T14:12:45.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34102 (GCVE-0-2024-34102)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2025-07-30 01:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

	https://helpx.adobe.com/security/products/magento/apsb24-40.html	vendor-advisory
	https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34102",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T03:55:19.256192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-07-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-34102"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:00.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-07-17T00:00:00+00:00",
            "value": "CVE-2024-34102 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-03T16:00:03.226Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        },
        {
          "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "XXE can expose crypt key and other secrets granting full admin access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34102",
    "datePublished": "2024-06-13T09:04:56.093Z",
    "dateReserved": "2024-04-30T19:50:50.900Z",
    "dateUpdated": "2025-07-30T01:37:00.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29289 (GCVE-0-2023-29289)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:57

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-91 - XML Injection (aka Blind XPath Injection) ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:16.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:23.914820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:57:07.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-91",
              "description": "XML Injection (aka Blind XPath Injection) (CWE-91)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce XML Injection Security feature bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29289",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:57:07.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24415 (GCVE-0-2025-24415)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24415",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:46.180Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:15.157Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24415",
    "datePublished": "2025-02-11T17:37:52.600Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-02-27T20:38:15.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45128 (GCVE-0-2024-45128)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-14 10:37

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:53:58.089987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:14:36.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "LOW",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T10:37:12.555Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45128",
    "datePublished": "2024-10-10T09:58:05.408Z",
    "dateReserved": "2024-08-21T23:00:59.344Z",
    "dateUpdated": "2024-10-14T10:37:12.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24435 (GCVE-0-2025-24435)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24435",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:49:16.002558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:58:05.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:04.345Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24435",
    "datePublished": "2025-02-11T17:37:31.405Z",
    "dateReserved": "2025-01-21T17:00:45.703Z",
    "dateUpdated": "2025-02-27T20:38:04.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39400 (GCVE-0-2024-39400)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:15

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (DOM-based XSS) ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:12:38.248509Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:15:17.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:07.948Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DOM XSS through integrations can impact other admins"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39400",
    "datePublished": "2024-08-14T11:57:07.948Z",
    "dateReserved": "2024-06-24T20:32:06.590Z",
    "dateUpdated": "2024-08-14T14:15:17.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20759 (GCVE-0-2024-20759)

Vulnerability from cvelistv5

Published

2024-04-10 11:49

Modified

2024-09-17 11:09

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-18.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-beta3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T04:01:07.475354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-19T17:23:30.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:09:43.384Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-20759",
    "datePublished": "2024-04-10T11:49:02.892Z",
    "dateReserved": "2023-12-04T16:52:22.978Z",
    "dateUpdated": "2024-09-17T11:09:43.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39401 (GCVE-0-2024-39401)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:05

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39401",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:10:32.512995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:01.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:05:32.867Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39401",
    "datePublished": "2024-08-14T11:57:14.867Z",
    "dateReserved": "2024-06-24T20:32:06.590Z",
    "dateUpdated": "2024-09-17T11:05:32.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27188 (GCVE-0-2025-27188)

Vulnerability from cvelistv5

Published

2025-04-08 20:17

Modified

2025-05-01 16:10

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-26.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:53:30.425995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T21:01:36.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-01T16:10:36.954Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-27188",
    "datePublished": "2025-04-08T20:17:09.891Z",
    "dateReserved": "2025-02-19T22:28:19.020Z",
    "dateUpdated": "2025-05-01T16:10:36.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9580 (GCVE-0-2020-9580)

Vulnerability from cvelistv5

Published

2020-06-26 20:19

Modified

2024-08-04 10:34

Severity ?

CWE

Security mitigation bypass

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security mitigation bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:19:59",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9580",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security mitigation bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9580",
    "datePublished": "2020-06-26T20:19:59",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45124 (GCVE-0-2024-45124)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 13:55

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "adobe_commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.4-p10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:54:17.424092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:55:37.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:03.845Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45124",
    "datePublished": "2024-10-10T09:58:03.845Z",
    "dateReserved": "2024-08-21T23:00:59.344Z",
    "dateUpdated": "2024-10-10T13:55:37.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24428 (GCVE-0-2025-24428)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:49:10.482554Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:57:35.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:17.483Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24428",
    "datePublished": "2025-02-11T17:37:33.816Z",
    "dateReserved": "2025-01-21T17:00:45.702Z",
    "dateUpdated": "2025-02-27T20:38:17.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49555 (GCVE-0-2025-49555)

Vulnerability from cvelistv5

Published

2025-08-12 17:55

Modified

2025-08-13 20:14

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) ()

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-71.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:04:10.973715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:14:36.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T17:55:05.453Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49555",
    "datePublished": "2025-08-12T17:55:05.453Z",
    "dateReserved": "2025-06-06T15:42:09.517Z",
    "dateUpdated": "2025-08-13T20:14:36.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9583 (GCVE-0-2020-9583)

Vulnerability from cvelistv5

Published

2020-06-26 20:19

Modified

2024-08-04 10:34

Severity ?

CWE

Command injection

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:19:15",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9583",
    "datePublished": "2020-06-26T20:19:15",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49521 (GCVE-0-2024-49521)

Vulnerability from cvelistv5

Published

2024-11-12 16:41

Modified

2024-11-12 17:07

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF) ()

Summary

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-90.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 3.2.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T17:07:18.330081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T17:07:29.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "3.2.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T16:41:28.324Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-90.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-49521",
    "datePublished": "2024-11-12T16:41:28.324Z",
    "dateReserved": "2024-10-15T15:35:47.029Z",
    "dateUpdated": "2024-11-12T17:07:29.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24416 (GCVE-0-2025-24416)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:47.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:08.644Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24416",
    "datePublished": "2025-02-11T17:37:50.979Z",
    "dateReserved": "2025-01-21T17:00:45.701Z",
    "dateUpdated": "2025-02-27T20:38:08.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9630 (GCVE-0-2020-9630)

Vulnerability from cvelistv5

Published

2020-06-26 20:20

Modified

2024-08-04 10:34

Severity ?

CWE

Business logic error

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Business logic error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:20:26",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Business logic error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9630",
    "datePublished": "2020-06-26T20:20:26",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24406 (GCVE-0-2025-24406)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-03-17 20:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:51:36.587744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:56:26.977Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T20:51:05.033Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24406",
    "datePublished": "2025-02-11T17:37:40.430Z",
    "dateReserved": "2025-01-21T17:00:45.699Z",
    "dateUpdated": "2025-03-17T20:51:05.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39404 (GCVE-0-2024-39404)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:12:52.238305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:15:23.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:07.181Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A user without Shop Policy Parameters section privilege can alter the shop policy parameters section"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39404",
    "datePublished": "2024-08-14T11:57:07.181Z",
    "dateReserved": "2024-06-24T20:32:06.591Z",
    "dateUpdated": "2024-08-14T14:15:23.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24421 (GCVE-0-2025-24421)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-16 19:26

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24421",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:49:01.886150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:56:57.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T19:26:19.966Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24421",
    "datePublished": "2025-02-11T17:37:37.036Z",
    "dateReserved": "2025-01-21T17:00:45.701Z",
    "dateUpdated": "2025-04-16T19:26:19.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9664 (GCVE-0-2020-9664)

Vulnerability from cvelistv5

Published

2020-07-22 19:23

Modified

2024-08-04 10:34

Severity ?

CWE

PHP Object Injection

Summary

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-41.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 1.14.4.5 and earlier, and 1.9.4.5 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "1.14.4.5 and earlier, and 1.9.4.5 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "PHP Object Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T19:23:22",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.14.4.5 and earlier, and 1.9.4.5 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "PHP Object Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-41.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9664",
    "datePublished": "2020-07-22T19:23:22",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29294 (GCVE-0-2023-29294)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-840 - Business Logic Errors ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:44.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:09.536472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:35.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-840",
              "description": "Business Logic Errors (CWE-840)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Bypass Purchase Order Approval using Company User in Adobe Commerce B2B"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29294",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:35.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26366 (GCVE-0-2023-26366)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:41

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF) ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:46:24.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26366",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:13.450554Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:41:10.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application\u0027s path boundary."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.8,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T06:15:11.323Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-26366",
    "datePublished": "2023-10-13T06:15:11.323Z",
    "dateReserved": "2023-02-22T19:47:52.379Z",
    "dateUpdated": "2025-02-27T20:41:10.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45125 (GCVE-0-2024-45125)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:06:28.714277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:06:40.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:49.672Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45125",
    "datePublished": "2024-10-10T09:57:49.672Z",
    "dateReserved": "2024-08-21T23:00:59.344Z",
    "dateUpdated": "2024-10-10T14:06:40.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45132 (GCVE-0-2024-45132)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-14 10:37

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:02:03.811555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:02:13.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T10:37:42.897Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45132",
    "datePublished": "2024-10-10T09:57:55.112Z",
    "dateReserved": "2024-08-21T23:00:59.346Z",
    "dateUpdated": "2024-10-14T10:37:42.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39410 (GCVE-0-2024-39410)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:07

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:09:47.336399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:31.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:07:19.690Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39410",
    "datePublished": "2024-08-14T11:57:17.152Z",
    "dateReserved": "2024-06-24T20:32:06.593Z",
    "dateUpdated": "2024-09-17T11:07:19.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39397 (GCVE-0-2024-39397)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-16 12:49

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:10:46.525735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:11.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "Unrestricted Upload of File with Dangerous Type (CWE-434)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T12:49:11.103Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39397",
    "datePublished": "2024-08-14T11:57:14.067Z",
    "dateReserved": "2024-06-24T20:32:06.590Z",
    "dateUpdated": "2024-09-16T12:49:11.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3719 (GCVE-0-2020-3719)

Vulnerability from cvelistv5

Published

2020-01-29 18:52

Modified

2024-08-04 07:44

Severity ?

CWE

SQL injection

Summary

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-02.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.3 and earlier Version: 2.2.10 and earlier Version: 1.14.4.3 and earlier Version: 1.9.4.3 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:50.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 and earlier"
            },
            {
              "status": "affected",
              "version": "2.2.10 and earlier"
            },
            {
              "status": "affected",
              "version": "1.14.4.3 and earlier"
            },
            {
              "status": "affected",
              "version": "1.9.4.3 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL injection    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-29T18:52:08",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-3719",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 and earlier"
                          },
                          {
                            "version_value": "2.2.10 and earlier"
                          },
                          {
                            "version_value": "1.14.4.3 and earlier"
                          },
                          {
                            "version_value": "1.9.4.3 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL injection    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-3719",
    "datePublished": "2020-01-29T18:52:08",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:44:50.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34109 (GCVE-0-2024-34109)

Vulnerability from cvelistv5

Published

2024-06-13 09:05

Modified

2024-09-17 11:08

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T03:55:30.751120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T13:45:30.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:08:17.339Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34109",
    "datePublished": "2024-06-13T09:05:00.703Z",
    "dateReserved": "2024-04-30T19:50:50.902Z",
    "dateUpdated": "2024-09-17T11:08:17.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24430 (GCVE-0-2025-24430)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-15 16:04

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:48:47.578421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:55:23.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 3.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 3.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T16:04:34.802Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24430",
    "datePublished": "2025-02-11T17:37:46.142Z",
    "dateReserved": "2025-01-21T17:00:45.702Z",
    "dateUpdated": "2025-04-15T16:04:34.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45118 (GCVE-0-2024-45118)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 13:45

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:45:03.032950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:45:35.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:51.201Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45118",
    "datePublished": "2024-10-10T09:57:51.201Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-10-10T13:45:35.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3716 (GCVE-0-2020-3716)

Vulnerability from cvelistv5

Published

2020-01-29 18:50

Modified

2024-08-04 07:44

Severity ?

CWE

Deserialization of untrusted data

Summary

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-02.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.3 and earlier Version: 2.2.10 and earlier Version: 1.14.4.3 and earlier Version: 1.9.4.3 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:50.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 and earlier"
            },
            {
              "status": "affected",
              "version": "2.2.10 and earlier"
            },
            {
              "status": "affected",
              "version": "1.14.4.3 and earlier"
            },
            {
              "status": "affected",
              "version": "1.9.4.3 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Deserialization of untrusted data    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-29T18:50:25",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-3716",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 and earlier"
                          },
                          {
                            "version_value": "2.2.10 and earlier"
                          },
                          {
                            "version_value": "1.14.4.3 and earlier"
                          },
                          {
                            "version_value": "1.9.4.3 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Deserialization of untrusted data    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-3716",
    "datePublished": "2020-01-29T18:50:25",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:44:50.042Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45134 (GCVE-0-2024-45134)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:05

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Information Exposure ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:05:23.037116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:05:32.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Exposure (CWE-200)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:52.772Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Information Exposure (CWE-200)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45134",
    "datePublished": "2024-10-10T09:57:52.772Z",
    "dateReserved": "2024-08-21T23:00:59.347Z",
    "dateUpdated": "2024-10-10T14:05:32.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24410 (GCVE-0-2025-24410)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:37.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:12.890Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24410",
    "datePublished": "2025-02-11T17:37:33.017Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-02-27T20:38:12.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39406 (GCVE-0-2024-39406)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-16 12:07

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:12:23.020906Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:15:08.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.8,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T12:07:33.315Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39406",
    "datePublished": "2024-08-14T11:57:08.723Z",
    "dateReserved": "2024-06-24T20:32:06.592Z",
    "dateUpdated": "2024-09-16T12:07:33.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39405 (GCVE-0-2024-39405)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:13:21.609644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:15:39.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:06:05.847Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39405",
    "datePublished": "2024-08-14T11:57:05.644Z",
    "dateReserved": "2024-06-24T20:32:06.592Z",
    "dateUpdated": "2024-09-17T11:06:05.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45115 (GCVE-0-2024-45115)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 13:41

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.4-p10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45115",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:39:51.498290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:41:43.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:01.453Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authentication (CWE-287)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45115",
    "datePublished": "2024-10-10T09:58:01.453Z",
    "dateReserved": "2024-08-21T23:00:59.342Z",
    "dateUpdated": "2024-10-10T13:41:43.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38249 (GCVE-0-2023-38249)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:41

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:39:11.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:36.563490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:41:21.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:10:10.183Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38249",
    "datePublished": "2023-10-13T06:15:07.891Z",
    "dateReserved": "2023-07-13T16:21:52.617Z",
    "dateUpdated": "2025-02-27T20:41:21.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24413 (GCVE-0-2025-24413)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24413",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:43.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:13.267Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24413",
    "datePublished": "2025-02-11T17:37:49.367Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-02-27T20:38:13.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38219 (GCVE-0-2023-38219)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:40

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38219",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:34.055736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:40:52.021Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T06:15:14.650Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38219",
    "datePublished": "2023-10-13T06:15:14.650Z",
    "dateReserved": "2023-07-13T16:21:52.614Z",
    "dateUpdated": "2025-02-27T20:40:52.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9588 (GCVE-0-2020-9588)

Vulnerability from cvelistv5

Published

2020-06-26 20:20

Modified

2024-08-04 10:34

Severity ?

CWE

Observable Timing Discrepancy

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Observable Timing Discrepancy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:20:53",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Observable Timing Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9588",
    "datePublished": "2020-06-26T20:20:53",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45119 (GCVE-0-2024-45119)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-12-12 17:32

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF) ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:58:44.968427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:58:57.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.9,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T17:32:19.594Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45119",
    "datePublished": "2024-10-10T09:57:58.983Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-12-12T17:32:19.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45131 (GCVE-0-2024-45131)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-14 10:39

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:02:38.434065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:02:47.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T10:39:03.439Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45131",
    "datePublished": "2024-10-10T09:57:54.346Z",
    "dateReserved": "2024-08-21T23:00:59.346Z",
    "dateUpdated": "2024-10-14T10:39:03.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43586 (GCVE-0-2025-43586)

Vulnerability from cvelistv5

Published

2025-06-10 16:08

Modified

2025-06-11 04:01

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T04:01:36.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T16:08:56.439Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-43586",
    "datePublished": "2025-06-10T16:08:56.439Z",
    "dateReserved": "2025-04-16T16:23:13.182Z",
    "dateUpdated": "2025-06-11T04:01:36.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20758 (GCVE-0-2024-20758)

Vulnerability from cvelistv5

Published

2024-04-10 11:49

Modified

2025-04-15 15:45

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-18.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-beta3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20758",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T04:01:06.376409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-19T17:23:19.874Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T15:45:02.245Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-20758",
    "datePublished": "2024-04-10T11:49:04.024Z",
    "dateReserved": "2023-12-04T16:52:22.978Z",
    "dateUpdated": "2025-04-15T15:45:02.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38220 (GCVE-0-2023-38220)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:40

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38220",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:06.015859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:40:58.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T06:15:13.275Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Full page cache enumeration via cookie X-Magento-Vary"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38220",
    "datePublished": "2023-10-13T06:15:13.275Z",
    "dateReserved": "2023-07-13T16:21:52.614Z",
    "dateUpdated": "2025-02-27T20:40:58.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45148 (GCVE-0-2024-45148)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:04

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "adobe_commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.4-p10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:04:06.360804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:04:54.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:53.566Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authentication (CWE-287)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45148",
    "datePublished": "2024-10-10T09:57:53.566Z",
    "dateReserved": "2024-08-21T23:00:59.352Z",
    "dateUpdated": "2024-10-10T14:04:54.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27191 (GCVE-0-2025-27191)

Vulnerability from cvelistv5

Published

2025-04-08 20:17

Modified

2025-04-08 21:01

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-26.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27191",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:53:08.109328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T21:01:35.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T20:17:11.466Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-27191",
    "datePublished": "2025-04-08T20:17:11.466Z",
    "dateReserved": "2025-02-19T22:28:19.021Z",
    "dateUpdated": "2025-04-08T21:01:35.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45130 (GCVE-0-2024-45130)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:01

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:01:33.096426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:01:43.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:55.895Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45130",
    "datePublished": "2024-10-10T09:57:55.895Z",
    "dateReserved": "2024-08-21T23:00:59.345Z",
    "dateUpdated": "2024-10-10T14:01:43.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39412 (GCVE-0-2024-39412)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-16 12:27

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:11:56.125999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:45.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T12:27:45.851Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39412",
    "datePublished": "2024-08-14T11:57:10.222Z",
    "dateReserved": "2024-06-24T20:32:06.593Z",
    "dateUpdated": "2024-09-16T12:27:45.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34105 (GCVE-0-2024-34105)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2024-08-02 02:42

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34105",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T16:04:12.111666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T16:04:26.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.8,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 4.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T09:04:57.617Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stored Cross Site Scripting in Order Comment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34105",
    "datePublished": "2024-06-13T09:04:57.617Z",
    "dateReserved": "2024-04-30T19:50:50.901Z",
    "dateUpdated": "2024-08-02T02:42:59.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24417 (GCVE-0-2025-24417)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:49.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:14.780Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24417",
    "datePublished": "2025-02-11T17:37:39.575Z",
    "dateReserved": "2025-01-21T17:00:45.701Z",
    "dateUpdated": "2025-02-27T20:38:14.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24425 (GCVE-0-2025-24425)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-840 - Business Logic Errors ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:51:39.825341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:56:48.219Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application\u0027s operations causing limited data modification. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-840",
              "description": "Business Logic Errors (CWE-840)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:16.282Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Business Logic Errors (CWE-840)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24425",
    "datePublished": "2025-02-11T17:37:37.917Z",
    "dateReserved": "2025-01-21T17:00:45.701Z",
    "dateUpdated": "2025-02-27T20:38:16.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9691 (GCVE-0-2020-9691)

Vulnerability from cvelistv5

Published

2020-07-29 12:20

Modified

2024-08-04 10:34

Severity ?

CWE

DOM-based Cross-Site Scripting

Summary

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-47.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DOM-based Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T12:20:52",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DOM-based Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9691",
    "datePublished": "2020-07-29T12:20:52",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24432 (GCVE-0-2025-24432)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-15 16:08

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T19:09:50.566596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T19:10:00.257Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 3.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 3.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T16:08:56.702Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24432",
    "datePublished": "2025-02-11T17:37:47.754Z",
    "dateReserved": "2025-01-21T17:00:45.702Z",
    "dateUpdated": "2025-04-15T16:08:56.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24437 (GCVE-0-2025-24437)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-15 16:21

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24437",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:48:35.341017Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:53:52.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T16:21:17.325Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24437",
    "datePublished": "2025-02-11T17:37:54.305Z",
    "dateReserved": "2025-01-21T17:00:45.703Z",
    "dateUpdated": "2025-04-15T16:21:17.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9689 (GCVE-0-2020-9689)

Vulnerability from cvelistv5

Published

2020-07-29 12:20

Modified

2024-08-04 10:34

Severity ?

CWE

Path Traversal

Summary

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-47.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T12:20:36",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9689",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9689",
    "datePublished": "2020-07-29T12:20:36",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29291 (GCVE-0-2023-29291)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF) ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:44.352Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29291",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:20.432569Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:53.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Server Side Request Forgery (SSRF) in USPS carrier integration configuration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29291",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:53.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38218 (GCVE-0-2023-38218)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2024-08-02 17:30

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T10:54:06.399Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Incorrect Authorization  - Customer account takeover"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38218",
    "datePublished": "2023-10-13T06:15:09.975Z",
    "dateReserved": "2023-07-13T16:21:52.613Z",
    "dateUpdated": "2024-08-02T17:30:14.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8818 (GCVE-0-2020-8818)

Vulnerability from cvelistv5

Published

2020-02-25 01:20

Modified

2024-08-04 10:12

Severity ?

CWE

n/a

Summary

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.

References

►

URL

Tags

	https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107	x_refsource_MISC
	https://github.com/cardgate/magento2/issues/54	x_refsource_MISC
	http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:10.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cardgate/magento2/issues/54"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-25T16:45:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cardgate/magento2/issues/54"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107",
              "refsource": "MISC",
              "url": "https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107"
            },
            {
              "name": "https://github.com/cardgate/magento2/issues/54",
              "refsource": "MISC",
              "url": "https://github.com/cardgate/magento2/issues/54"
            },
            {
              "name": "http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-8818",
    "datePublished": "2020-02-25T01:20:39",
    "dateReserved": "2020-02-10T00:00:00",
    "dateUpdated": "2024-08-04T10:12:10.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9591 (GCVE-0-2020-9591)

Vulnerability from cvelistv5

Published

2020-06-26 20:20

Modified

2024-08-04 10:34

Severity ?

CWE

Defense-in-depth security mitigation

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Defense-in-depth security mitigation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:20:16",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9591",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Defense-in-depth security mitigation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9591",
    "datePublished": "2020-06-26T20:20:16",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24429 (GCVE-0-2025-24429)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-15 15:56

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:48:50.391982Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:55:33.680Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 3.5,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 3.5,
            "temporalSeverity": "LOW",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T15:56:54.003Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24429",
    "datePublished": "2025-02-11T17:37:45.344Z",
    "dateReserved": "2025-01-21T17:00:45.702Z",
    "dateUpdated": "2025-04-15T15:56:54.003Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29290 (GCVE-0-2023-29290)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-353 - Missing Support for Integrity Check ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29290",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:39:03.327161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:59.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-353",
              "description": "Missing Support for Integrity Check (CWE-353)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce Guest Cart Shipping Address Overwrite IDOR "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29290",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:59.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39416 (GCVE-0-2024-39416)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:14

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:11:27.908876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:32.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:11.759Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthorized user can export Orders Sale Report"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39416",
    "datePublished": "2024-08-14T11:57:11.759Z",
    "dateReserved": "2024-06-24T20:32:06.594Z",
    "dateUpdated": "2024-08-14T14:14:32.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45129 (GCVE-0-2024-45129)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 14:25

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:07:37.843889Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:25:15.306Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:51.997Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45129",
    "datePublished": "2024-10-10T09:57:51.997Z",
    "dateReserved": "2024-08-21T23:00:59.344Z",
    "dateUpdated": "2024-10-10T14:25:15.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43585 (GCVE-0-2025-43585)

Vulnerability from cvelistv5

Published

2025-06-10 16:08

Modified

2025-06-10 18:10

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43585",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T17:23:05.443011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T18:10:21.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T16:08:54.171Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-43585",
    "datePublished": "2025-06-10T16:08:54.171Z",
    "dateReserved": "2025-04-16T16:23:13.182Z",
    "dateUpdated": "2025-06-10T18:10:21.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45123 (GCVE-0-2024-45123)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 14:20

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (Reflected XSS) ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:55:45.697808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:20:13.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.1,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Reflected XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:03.098Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45123",
    "datePublished": "2024-10-10T09:58:03.098Z",
    "dateReserved": "2024-08-21T23:00:59.344Z",
    "dateUpdated": "2024-10-10T14:20:13.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39408 (GCVE-0-2024-39408)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-16 12:14

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39408",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:09:17.181009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:15.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T12:14:16.301Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39408",
    "datePublished": "2024-08-14T11:57:18.628Z",
    "dateReserved": "2024-06-24T20:32:06.593Z",
    "dateUpdated": "2024-09-16T12:14:16.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34111 (GCVE-0-2024-34111)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2024-08-07 14:51

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF) ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "adobe_commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T21:18:03.965196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T21:20:36.876Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:43:00.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-07T14:51:52.418Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SSRF in service connector"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34111",
    "datePublished": "2024-06-13T09:04:59.166Z",
    "dateReserved": "2024-04-30T19:50:50.903Z",
    "dateUpdated": "2024-08-07T14:51:52.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39407 (GCVE-0-2024-39407)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39407",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:10:04.045645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:40.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:06:24.011Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39407",
    "datePublished": "2024-08-14T11:57:16.360Z",
    "dateReserved": "2024-06-24T20:32:06.593Z",
    "dateUpdated": "2024-09-17T11:06:24.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3715 (GCVE-0-2020-3715)

Vulnerability from cvelistv5

Published

2020-01-29 18:49

Modified

2024-08-04 07:44

Severity ?

CWE

Stored cross-site scripting

Summary

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-02.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.3 and earlier Version: 2.2.10 and earlier Version: 1.14.4.3 and earlier Version: 1.9.4.3 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:50.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 and earlier"
            },
            {
              "status": "affected",
              "version": "2.2.10 and earlier"
            },
            {
              "status": "affected",
              "version": "1.14.4.3 and earlier"
            },
            {
              "status": "affected",
              "version": "1.9.4.3 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored cross-site scripting    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-29T18:49:38",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-3715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 and earlier"
                          },
                          {
                            "version_value": "2.2.10 and earlier"
                          },
                          {
                            "version_value": "1.14.4.3 and earlier"
                          },
                          {
                            "version_value": "1.9.4.3 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-3715",
    "datePublished": "2020-01-29T18:49:38",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:44:50.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45149 (GCVE-0-2024-45149)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-12-12 17:38

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45149",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:05:46.702315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:05:59.527Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T17:38:26.517Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45149",
    "datePublished": "2024-10-10T09:57:50.452Z",
    "dateReserved": "2024-08-21T23:00:59.352Z",
    "dateUpdated": "2024-12-12T17:38:26.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34104 (GCVE-0-2024-34104)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2024-09-17 11:08

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T13:48:20.835460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T13:48:49.391Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:43:00.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:08:38.931Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34104",
    "datePublished": "2024-06-13T09:04:56.852Z",
    "dateReserved": "2024-04-30T19:50:50.901Z",
    "dateUpdated": "2024-09-17T11:08:38.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49557 (GCVE-0-2025-49557)

Vulnerability from cvelistv5

Published

2025-08-12 17:55

Modified

2025-08-13 20:14

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-71.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:04:12.178137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:14:17.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T17:55:09.849Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49557",
    "datePublished": "2025-08-12T17:55:09.849Z",
    "dateReserved": "2025-06-06T15:42:09.518Z",
    "dateUpdated": "2025-08-13T20:14:17.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24434 (GCVE-0-2025-24434)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-03-17 20:32

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:36.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T20:32:01.005Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24434",
    "datePublished": "2025-02-11T17:37:53.501Z",
    "dateReserved": "2025-01-21T17:00:45.702Z",
    "dateUpdated": "2025-03-17T20:32:01.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9690 (GCVE-0-2020-9690)

Vulnerability from cvelistv5

Published

2020-07-29 12:20

Modified

2024-08-04 10:34

Severity ?

CWE

Observable Timing Discrepancy

Summary

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-47.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Observable Timing Discrepancy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T12:20:42",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Observable Timing Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9690",
    "datePublished": "2020-07-29T12:20:42",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29293 (GCVE-0-2023-29293)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29293",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:13.056473Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:42.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user\u0027s minor feature. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "LOW",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:11:39.524Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29293",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:42.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24414 (GCVE-0-2025-24414)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-02-27 20:38

Severity ?

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:44.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:38:14.409Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24414",
    "datePublished": "2025-02-11T17:37:55.122Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-02-27T20:38:14.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34103 (GCVE-0-2024-34103)

Vulnerability from cvelistv5

Published

2024-06-13 09:05

Modified

2024-08-02 02:42

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T03:55:29.165247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T13:43:02.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T09:05:01.465Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Customer account takeover via web API call \u0026 subsequent password reset"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34103",
    "datePublished": "2024-06-13T09:05:01.465Z",
    "dateReserved": "2024-04-30T19:50:50.901Z",
    "dateUpdated": "2024-08-02T02:42:59.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49550 (GCVE-0-2025-49550)

Vulnerability from cvelistv5

Published

2025-06-25 17:41

Modified

2025-06-25 18:08

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49550",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T18:07:51.215731Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T18:08:05.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-25T17:41:58.948Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49550",
    "datePublished": "2025-06-25T17:41:58.948Z",
    "dateReserved": "2025-06-06T15:42:09.517Z",
    "dateUpdated": "2025-06-25T18:08:05.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49549 (GCVE-0-2025-49549)

Vulnerability from cvelistv5

Published

2025-06-25 17:41

Modified

2025-06-25 18:12

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49549",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T18:12:28.359332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T18:12:41.002Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-25T17:41:13.652Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49549",
    "datePublished": "2025-06-25T17:41:13.652Z",
    "dateReserved": "2025-06-06T15:42:09.516Z",
    "dateUpdated": "2025-06-25T18:12:41.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9577 (GCVE-0-2020-9577)

Vulnerability from cvelistv5

Published

2020-06-26 20:21

Modified

2024-08-04 10:34

Severity ?

CWE

Stored cross-site scripting

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure ."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored cross-site scripting    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:21:24",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9577",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure ."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9577",
    "datePublished": "2020-06-26T20:21:24",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26367 (GCVE-0-2023-26367)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:41

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:46:24.661Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:12.308086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:41:04.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.9,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T06:15:12.110Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Error based file extraction via PHP filter chains during product bulk import logic"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-26367",
    "datePublished": "2023-10-13T06:15:12.110Z",
    "dateReserved": "2023-02-22T19:47:52.380Z",
    "dateUpdated": "2025-02-27T20:41:04.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9631 (GCVE-0-2020-9631)

Vulnerability from cvelistv5

Published

2020-06-26 20:20

Modified

2024-08-04 10:34

Severity ?

CWE

Security mitigation bypass

Summary

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-22.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security mitigation bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T20:20:35",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.4 and earlier, 2.2.11 and earlier  (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security mitigation bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9631",
    "datePublished": "2020-06-26T20:20:35",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34108 (GCVE-0-2024-34108)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2024-08-07 14:47

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "magento_open_source",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34108",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T03:55:29.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-07T14:47:37.071Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Large attack surface through legit webhook usage in Adobe Commerce"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34108",
    "datePublished": "2024-06-13T09:04:55.355Z",
    "dateReserved": "2024-04-30T19:50:50.902Z",
    "dateUpdated": "2024-08-07T14:47:37.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45117 (GCVE-0-2024-45117)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 14:24

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:07:29.503697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:24:40.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.6,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "LOW",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 7.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:00.638Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45117",
    "datePublished": "2024-10-10T09:58:00.638Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-10-10T14:24:40.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34106 (GCVE-0-2024-34106)

Vulnerability from cvelistv5

Published

2024-06-13 09:05

Modified

2024-08-02 02:42

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "adobe_commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34106",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T16:21:10.281378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T16:22:19.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T09:05:02.253Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure Direct Object Reference - An attacker can able to erase the victim quote details"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34106",
    "datePublished": "2024-06-13T09:05:02.253Z",
    "dateReserved": "2024-04-30T19:50:50.901Z",
    "dateUpdated": "2024-08-02T02:42:59.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34107 (GCVE-0-2024-34107)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2024-09-17 11:08

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T13:30:50.245305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T13:37:44.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:43:00.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:08:47.953Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34107",
    "datePublished": "2024-06-13T09:04:58.392Z",
    "dateReserved": "2024-04-30T19:50:50.902Z",
    "dateUpdated": "2024-09-17T11:08:47.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24409 (GCVE-0-2025-24409)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-03-17 21:02

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T19:11:11.347420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T19:11:27.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11  and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T21:02:36.064Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Incorrect Authorization (CWE-863)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24409",
    "datePublished": "2025-02-11T17:37:38.725Z",
    "dateReserved": "2025-01-21T17:00:45.700Z",
    "dateUpdated": "2025-03-17T21:02:36.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39417 (GCVE-0-2024-39417)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-08-14 14:13

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:09:31.164493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:13:22.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T11:57:17.890Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "An unauthorized user can export the Shipping Report"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39417",
    "datePublished": "2024-08-14T11:57:17.890Z",
    "dateReserved": "2024-06-24T20:32:06.594Z",
    "dateUpdated": "2024-08-14T14:13:22.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27190 (GCVE-0-2025-27190)

Vulnerability from cvelistv5

Published

2025-04-08 20:17

Modified

2025-04-08 21:01

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-26.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:53:02.852329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T21:01:35.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T20:17:12.748Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-27190",
    "datePublished": "2025-04-08T20:17:12.748Z",
    "dateReserved": "2025-02-19T22:28:19.021Z",
    "dateUpdated": "2025-04-08T21:01:35.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34110 (GCVE-0-2024-34110)

Vulnerability from cvelistv5

Published

2024-06-13 09:04

Modified

2024-08-02 02:43

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type ()

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-40.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34110",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T03:55:31.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:43:00.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "Unrestricted Upload of File with Dangerous Type (CWE-434)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T09:04:59.918Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "RCE in the Adobe Commerce Webhook module through a legit webhook definition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34110",
    "datePublished": "2024-06-13T09:04:59.918Z",
    "dateReserved": "2024-04-30T19:50:50.902Z",
    "dateUpdated": "2024-08-02T02:43:00.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49558 (GCVE-0-2025-49558)

Vulnerability from cvelistv5

Published

2025-08-12 17:55

Modified

2025-08-13 18:57

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition ()

Summary

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-71.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:04:13.328697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T18:57:01.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource\u0027s state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T17:55:08.951Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-49558",
    "datePublished": "2025-08-12T17:55:08.951Z",
    "dateReserved": "2025-06-06T15:42:09.518Z",
    "dateUpdated": "2025-08-13T18:57:01.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39418 (GCVE-0-2024-39418)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-17 11:07

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-285 - Improper Authorization ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39418",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:08:28.760498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:12:53.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:07:31.253Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39418",
    "datePublished": "2024-08-14T11:57:20.916Z",
    "dateReserved": "2024-06-24T20:32:06.594Z",
    "dateUpdated": "2024-09-17T11:07:31.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39409 (GCVE-0-2024-39409)

Vulnerability from cvelistv5

Published

2024-08-14 11:57

Modified

2024-09-16 12:17

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) ()

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-61.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7-p1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:11:00.315359Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:14:18.680Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T12:17:49.209Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39409",
    "datePublished": "2024-08-14T11:57:13.314Z",
    "dateReserved": "2024-06-24T20:32:06.593Z",
    "dateUpdated": "2024-09-16T12:17:49.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45120 (GCVE-0-2024-45120)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-12-12 17:36

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45120",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T14:01:07.602049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:01:18.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 3.1,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 3.1,
            "temporalSeverity": "LOW",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T17:36:42.455Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45120",
    "datePublished": "2024-10-10T09:57:56.691Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-12-12T17:36:42.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3718 (GCVE-0-2020-3718)

Vulnerability from cvelistv5

Published

2020-01-29 18:51

Modified

2024-08-04 07:44

Severity ?

CWE

Security bypass

Summary

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb20-02.html

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Adobe	Magento	Version: 2.3.3 and earlier Version: 2.2.10 and earlier Version: 1.14.4.3 and earlier Version: 1.9.4.3 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:50.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento",
          "vendor": "Adobe",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 and earlier"
            },
            {
              "status": "affected",
              "version": "2.2.10 and earlier"
            },
            {
              "status": "affected",
              "version": "1.14.4.3 and earlier"
            },
            {
              "status": "affected",
              "version": "1.9.4.3 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security bypass    ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-29T18:51:29",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-3718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 and earlier"
                          },
                          {
                            "version_value": "2.2.10 and earlier"
                          },
                          {
                            "version_value": "1.14.4.3 and earlier"
                          },
                          {
                            "version_value": "1.9.4.3 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security bypass    "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-3718",
    "datePublished": "2020-01-29T18:51:29",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:44:50.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45116 (GCVE-0-2024-45116)

Vulnerability from cvelistv5

Published

2024-10-10 09:57

Modified

2024-10-10 13:57

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (XSS) ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "adobe_commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.4-p10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45116",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:56:29.955549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:57:57.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim\u0027s browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:57:59.730Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Cross-site Scripting (XSS) (CWE-79)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45116",
    "datePublished": "2024-10-10T09:57:59.730Z",
    "dateReserved": "2024-08-21T23:00:59.343Z",
    "dateUpdated": "2024-10-10T13:57:57.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45133 (GCVE-0-2024-45133)

Vulnerability from cvelistv5

Published

2024-10-10 09:58

Modified

2024-10-10 14:19

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb24-73.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:54:05.383562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T14:19:56.423Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T09:58:04.630Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45133",
    "datePublished": "2024-10-10T09:58:04.630Z",
    "dateReserved": "2024-08-21T23:00:59.346Z",
    "dateUpdated": "2024-10-10T14:19:56.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38250 (GCVE-0-2023-38250)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:41

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:39:12.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:35.408093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:41:16.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:10:16.289Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38250",
    "datePublished": "2023-10-13T06:15:08.688Z",
    "dateReserved": "2023-07-13T16:21:52.617Z",
    "dateUpdated": "2025-02-27T20:41:16.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24427 (GCVE-0-2025-24427)

Vulnerability from cvelistv5

Published

2025-02-11 17:37

Modified

2025-04-16 19:26

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-08.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.8-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:49:04.734497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:57:16.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.8-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T19:26:43.805Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-24427",
    "datePublished": "2025-02-11T17:37:35.413Z",
    "dateReserved": "2025-01-21T17:00:45.702Z",
    "dateUpdated": "2025-04-16T19:26:43.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38221 (GCVE-0-2023-38221)

Vulnerability from cvelistv5

Published

2023-10-13 06:15

Modified

2025-02-27 20:41

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ()

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.7-beta1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:37.836115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:41:27.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7-beta1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:10:33.271Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38221",
    "datePublished": "2023-10-13T06:15:06.405Z",
    "dateReserved": "2023-07-13T16:21:52.614Z",
    "dateUpdated": "2025-02-27T20:41:27.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27206 (GCVE-0-2025-27206)

Vulnerability from cvelistv5

Published

2025-06-10 16:08

Modified

2025-06-10 18:08

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control ()

Summary

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb25-50.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T18:08:33.615162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T18:08:42.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T16:08:57.172Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Access Control (CWE-284)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-27206",
    "datePublished": "2025-06-10T16:08:57.172Z",
    "dateReserved": "2025-02-19T22:28:19.024Z",
    "dateUpdated": "2025-06-10T18:08:42.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29295 (GCVE-0-2023-29295)

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2025-03-05 18:56

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization ()

Summary

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

References

►

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb23-35.html

Impacted products

	Vendor	Product	Version
	Adobe	Magento Commerce	Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:06.485183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:28.900Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure Direct Object Reference (IDOR) in Create Quote Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29295",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:28.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to Adobe - Magento

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd