Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29297

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

Published

2023-06-15T19:15:11.310

Last Modified

2024-11-21T07:56:49.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-1336
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.3.7	Yes
Application	adobe	commerce	2.4.0	Yes
Application	adobe	commerce	2.4.0	Yes
Application	adobe	commerce	2.4.0	Yes
Application	adobe	commerce	2.4.1	Yes
Application	adobe	commerce	2.4.1	Yes
Application	adobe	commerce	2.4.1	Yes
Application	adobe	commerce	2.4.2	Yes
Application	adobe	commerce	2.4.2	Yes
Application	adobe	commerce	2.4.2	Yes
Application	adobe	commerce	2.4.3	Yes
Application	adobe	commerce	2.4.3	Yes
Application	adobe	commerce	2.4.3	Yes
Application	adobe	commerce	2.4.4	Yes
Application	adobe	commerce	2.4.4	Yes
Application	adobe	commerce	2.4.4	Yes
Application	adobe	commerce	2.4.4	Yes
Application	adobe	commerce	2.4.5	Yes
Application	adobe	commerce	2.4.5	Yes
Application	adobe	commerce	2.4.5	Yes
Application	adobe	commerce	2.4.6	Yes
Application	adobe	magento	2.4.4	Yes
Application	adobe	magento	2.4.4	Yes
Application	adobe	magento	2.4.4	Yes
Application	adobe	magento	2.4.4	Yes
Application	adobe	magento	2.4.5	Yes
Application	adobe	magento	2.4.5	Yes
Application	adobe	magento	2.4.5	Yes
Application	adobe	magento	2.4.6	Yes

References

https://helpx.adobe.com/security/products/magento/apsb23-35.html Vendor Advisory ([email protected])
https://helpx.adobe.com/security/products/magento/apsb23-35.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)