Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38209


Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.


Published

2023-08-09T08:15:09.660

Last Modified

2024-11-21T08:13:05.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-863

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application adobe commerce < 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.6 Yes
Application adobe commerce 2.4.6 Yes

References