Overview
- Description: Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
- Source: psirt@adobe.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 10
- Impact score: 10
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name: Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
- Exploit added on: Feb 15, 2022
- Exploit action due: Mar 1, 2022
- Required action: Apply updates per vendor instructions.
Weaknesses
- psirt@adobe.com: CWE-20
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90B19F1A-11A1-4315-8433-6B8938228BF7", "versionEndExcluding": "2.3.0" },
          { "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5229EE3-4D7C-473B-AEDA-7FC6CC75486B", "versionEndIncluding": "2.3.6", "versionStartExcluding": "2.3.3" },
          { "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DFFF83C-2A52-442D-8349-7B37843B630F", "versionEndIncluding": "2.4.2", "versionStartIncluding": "2.4.0" },
          { "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7" },
          { "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16" },
          { "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B" },
          { "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78" },
          { "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "4839E061-1E2C-47BE-9FF7-7D6EE17085E1", "versionEndExcluding": "2.3.0" },
          { "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "768F5B14-76BE-4BF6-80F0-C35386B0C61F", "versionEndIncluding": "2.3.6", "versionStartExcluding": "2.3.3" },
          { "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "664A23B2-48D1-46E8-BA7F-3F693C19D5CC", "versionEndIncluding": "2.4.2", "versionStartIncluding": "2.4.0" },
          { "criteria": "cpe:2.3:a:magento:magento:2.3.7:p1:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "0F954F97-00FF-4ADC-A185-ACF0513C5294" },
          { "criteria": "cpe:2.3:a:magento:magento:2.3.7:p2:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "E4798194-5488-4DB5-8427-0AFDDD8F4D0E" },
          { "criteria": "cpe:2.3:a:magento:magento:2.4.3:-:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "A573FBD1-29A3-4601-B0FA-AFEF953C05E5" },
          { "criteria": "cpe:2.3:a:magento:magento:2.4.3:p1:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "9D138592-62B8-458A-9B95-9E05FDA8D63A" }
        ],
        "operator": "OR"
      }
    ]
  }
]