CVE-2022-34259

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
adobeCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
adobecommerce
2.3.0 ≤
𝑥
< 2.3.7
adobecommerce
2.4.0 ≤
𝑥
< 2.4.3
adobecommerce
2.3.7
adobecommerce
2.3.7:p1
adobecommerce
2.3.7:p2
adobecommerce
2.3.7:p3
adobecommerce
2.4.3
adobecommerce
2.4.3:p1
adobecommerce
2.4.3:p2
adobecommerce
2.4.4
magentomagento
2.3.0 ≤
𝑥
< 2.3.7
magentomagento
2.4.0 ≤
𝑥
< 2.4.3
magentomagento
2.3.7
magentomagento
2.3.7:p1
magentomagento
2.3.7:p2
magentomagento
2.3.7:p3
magentomagento
2.4.3
magentomagento
2.4.3:p1
magentomagento
2.4.3:p2
magentomagento
2.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/magento/apsb22-38.html
https://helpx.adobe.com/security/products/magento/apsb22-38.html