PT-2022-4386 · Adobe · Magento Open Source+1

Published: 2022-08-09 · Updated: 2024-03-06 · CVE-2022-34256

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.3-p2 and earlier
Adobe Commerce versions 2.3.7-p3 and earlier
Adobe Commerce versions 2.4.4 and earlier

Description

The issue is related to insufficient authorization procedures in Adobe Commerce and Magento Open Source, allowing a remote attacker to escalate their privileges. This could result in the attacker accessing other users' data without requiring any user interaction.

Recommendations

For Adobe Commerce versions 2.4.3-p2 and earlier, update to a version later than 2.4.3-p2 to resolve the issue.
For Adobe Commerce versions 2.3.7-p3 and earlier, update to a version later than 2.3.7-p3 to resolve the issue.
For Adobe Commerce versions 2.4.4 and earlier, update to a version later than 2.4.4 to resolve the issue.

Fix

Weakness Enumeration

Improper Authorization
Incorrect Authorization

Related Identifiers

BDU:2022-05249
BIT-MAGENTO-2022-34256
CVE-2022-34256
GHSA-R7MM-GRF3-5FJV

Affected Products

Commerce
Magento Open Source