CVE-2022-34255

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier

Description The issue is related to improper access control, which could result in privilege escalation. An attacker with a low-privilege account could leverage this to perform an account takeover for a victim. Exploitation does not require user interaction. The vulnerability is also associated with insufficient input validation, allowing a remote attacker to elevate privileges by sending a specially crafted request.

Recommendations For Adobe Commerce versions 2.4.3-p2 and earlier, update to a version that includes the fix for this issue. For Adobe Commerce versions 2.3.7-p3 and earlier, update to a version that includes the fix for this issue. For Adobe Commerce versions 2.4.4 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the platform to minimize the risk of exploitation.