PT-2023-5987 · Adobe · Commerce

Published 2023-10-03 · Updated 2023-10-14 · CVE-2023-38220

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.7-beta1 and earlier
Adobe Commerce versions 2.4.6-p2 and earlier
Adobe Commerce versions 2.4.5-p4 and earlier
Adobe Commerce versions 2.4.4-p5 and earlier

Description

The issue is related to an Improper Authorization vulnerability in Adobe Commerce and Magento Open Source, which could allow an attacker to bypass security restrictions and access unauthorized data. This vulnerability can be exploited remotely without requiring user interaction.

Recommendations

For Adobe Commerce versions 2.4.7-beta1 and earlier, update to a version that fixes the Improper Authorization vulnerability.
For Adobe Commerce versions 2.4.6-p2 and earlier, update to a version that fixes the Improper Authorization vulnerability.
For Adobe Commerce versions 2.4.5-p4 and earlier, update to a version that fixes the Improper Authorization vulnerability.
For Adobe Commerce versions 2.4.4-p5 and earlier, update to a version that fixes the Improper Authorization vulnerability.

As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2023-06688
CVE-2023-38220
GHSA-GRC6-R6F8-XJ7C

Affected Products

Commerce