Overview
- Description
- Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.
- Source
- psirt@adobe.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- psirt@adobe.com
- CWE-20
Social media
- Hype score
- Not currently trending