Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb23-35.html | Vendor Advisory |
https://helpx.adobe.com/security/products/magento/apsb23-35.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://helpx.adobe.com/security/products/magento/apsb23-35.html - Vendor Advisory |
22 Jun 2023, 15:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Adobe commerce
Adobe magento Adobe |
|
CPE | cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* |
|
References | (MISC) https://helpx.adobe.com/security/products/magento/apsb23-35.html - Vendor Advisory |
15 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-15 19:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-29288
Mitre link : CVE-2023-29288
CVE.ORG link : CVE-2023-29288
JSON object : View
Products Affected
adobe
- commerce
- magento
CWE
CWE-863
Incorrect Authorization