CVE-2022-35692

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.3-p2 through 2.4.4 Adobe Commerce versions 2.3.7-p3 and earlier

Description The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account details. Exploitation of this issue does not require user interaction. The vulnerability is associated with deficiencies in the authorization mechanism, which could allow a remote attacker to disclose information about the account data of arbitrary users.

Recommendations For Adobe Commerce versions 2.4.3-p2 through 2.4.4, update to a version that includes the fix for this issue. For Adobe Commerce versions 2.3.7-p3 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive account information until a patch is available.