Описание
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.3 (включая)
Одно из
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
Конфигурация 2Версия до 2.4.3 (включая)
Одно из
cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
EPSS
Процентиль: 38%
0.00166
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-285
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
fstec
больше 1 года назад
Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности и раскрыть защищаемую информацию
EPSS
Процентиль: 38%
0.00166
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-285
NVD-CWE-noinfo