PT-2023-3165 · Adobe · Commerce
Published
2023-06-13
·
Updated
2023-06-22
·
CVE-2023-29288
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.6 and earlier
Adobe Commerce versions 2.4.5-p2 and earlier
Adobe Commerce versions 2.4.4-p3 and earlier
Description
The issue is related to an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. The vulnerability may allow a remote attacker to bypass existing security restrictions.
Recommendations
For Adobe Commerce versions 2.4.6 and earlier, update to a version that includes the security fix.
For Adobe Commerce versions 2.4.5-p2 and earlier, update to a version that includes the security fix.
For Adobe Commerce versions 2.4.4-p3 and earlier, update to a version that includes the security fix.
As a temporary workaround, consider restricting access to sensitive user data to minimize the risk of exploitation.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Commerce