PT-2023-2044 · Adobe · Commerce
Published: 2023-03-14 · Updated: 2023-04-04 · CVE-2023-22251
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.4-p2 and earlier
Adobe Commerce versions 2.4.5-p1 and earlier
Description
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could allow a low-privileged authenticated attacker to achieve minor information disclosure. The issue is associated with deficiencies in the authorization procedure, which a remote attacker can exploit to bypass existing security restrictions.
Recommendations
For Adobe Commerce versions 2.4.4-p2 and earlier, update to a version later than 2.4.4-p2 to resolve the issue.
For Adobe Commerce versions 2.4.5-p1 and earlier, update to a version later than 2.4.5-p1 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation.
Fix
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Commerce