CVE-2023-29288

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.6 and earlier Adobe Commerce versions 2.4.5-p2 and earlier Adobe Commerce versions 2.4.4-p3 and earlier

Description The issue is related to an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. The vulnerability may allow a remote attacker to bypass existing security restrictions.

Recommendations For Adobe Commerce versions 2.4.6 and earlier, update to a version that includes the security fix. For Adobe Commerce versions 2.4.5-p2 and earlier, update to a version that includes the security fix. For Adobe Commerce versions 2.4.4-p3 and earlier, update to a version that includes the security fix. As a temporary workaround, consider restricting access to sensitive user data to minimize the risk of exploitation.