PT-2023-5394 · Adobe · Magento Open Source, Adobe Commerce

Published: 2023-08-08 · Updated: 2023-08-15 · CVE-2023-38209

CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.6-p1 and earlier
Adobe Commerce versions 2.4.5-p3 and earlier
Adobe Commerce versions 2.4.4-p4 and earlier
Description

The vulnerability stems from insufficient access control in Adobe Commerce and Magento Open Source, which lets a remote attacker bypass existing security restrictions and elevate their privileges. A low-privileged attacker could exploit it to access other users' data; no user interaction is required.
Recommendations

For Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, and 2.4.4-p4 and earlier, update to a release that includes the security fix for this issue. Until the update is applied, restrict access to sensitive data and add compensating security measures to reduce the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Authorization
Improper Access Control

Related Identifiers

BDU:2023-06022
CVE-2023-38209
GHSA-3VG2-V639-6CH9

Affected Products

Commerce
Magento Open Source