PT-2022-6405 · Adobe · Commerce
Published 2022-10-11 · Updated 2022-10-19 · CVE-2022-35689
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.4-p1 and earlier
Adobe Commerce versions 2.4.5 and earlier
Description
The issue is an Improper Access Control vulnerability that could result in a security feature bypass. A remote attacker could leverage this vulnerability to bypass security restrictions and impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
Recommendations
For Adobe Commerce versions 2.4.4-p1 and earlier, update to a version that addresses the Improper Access Control issue.
For Adobe Commerce versions 2.4.5 and earlier, update to a version that addresses the Improper Access Control issue.
As a temporary workaround, consider restricting access to security features to minimize the risk of exploitation.
Fix
Improper Access Control
Affected Products
Commerce