PT-2023-6095 · Adobe · Commerce
Published
2023-10-10
·
Updated
2023-10-14
·
CVE-2023-38251
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.7-beta1 and earlier
Adobe Commerce versions 2.4.6-p2 and earlier
Adobe Commerce versions 2.4.5-p4 and earlier
Adobe Commerce versions 2.4.4-p5 and earlier
Description
The issue is related to an Uncontrolled Resource Consumption vulnerability in Adobe Commerce. This vulnerability could lead to a minor application denial-of-service. Exploitation of this issue does not require user interaction, allowing a remote attacker to cause a denial-of-service.
Recommendations
For Adobe Commerce versions 2.4.7-beta1 and earlier, update to a version that is not affected by this issue.
For Adobe Commerce versions 2.4.6-p2 and earlier, update to a version that is not affected by this issue.
For Adobe Commerce versions 2.4.5-p4 and earlier, update to a version that is not affected by this issue.
For Adobe Commerce versions 2.4.4-p5 and earlier, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting resource consumption to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Commerce