CVE-2023-22251

Published Mar 27, 2023

Last updated 2 years ago

Overview

Description: Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.
Source: psirt@adobe.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@adobe.com: CWE-863

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4",
            "versionEndExcluding": "2.4.4"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"
          },
          {
            "criteria": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBE7069F-C3EE-46F1-85C4-4EC858C49E07",
            "versionEndExcluding": "2.4.4"
          },
          {
            "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6340732-571E-468C-9834-A8B2FCB5F5B2"
          },
          {
            "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2D8E4EA-9756-4F9B-BB73-A3EE9C3006FC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6943D30A-E4A8-47E9-B510-40C2950021D6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "684E82D1-7BE3-4D47-9B19-935ED6EC6D62"
          },
          {
            "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.5:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80BA2D10-0D51-4E37-A40E-3F8903AE9374"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References