Описание
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.2408 (исключая)
cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00155
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-862
CWE-862
Связанные уязвимости
CVSS3: 5.9
github
около 1 года назад
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.
EPSS
Процентиль: 36%
0.00155
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-862
CWE-862