Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22248

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.

Published

2023-06-15T19:15:10.413

Last Modified

2024-11-21T07:44:23.877

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-863
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.4.0 Yes
Application adobe commerce 2.4.0 Yes
Application adobe commerce 2.4.0 Yes
Application adobe commerce 2.4.1 Yes
Application adobe commerce 2.4.1 Yes
Application adobe commerce 2.4.1 Yes
Application adobe commerce 2.4.2 Yes
Application adobe commerce 2.4.2 Yes
Application adobe commerce 2.4.2 Yes
Application adobe commerce 2.4.3 Yes
Application adobe commerce 2.4.3 Yes
Application adobe commerce 2.4.3 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.6 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.5 Yes
Application adobe magento 2.4.5 Yes
Application adobe magento 2.4.5 Yes
Application adobe magento 2.4.6 Yes
References