CVE-2023-22248

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory
https://helpx.adobe.com/security/products/magento/apsb23-35.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:commerce:2.3.7:-::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p1::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p2::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p3::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1::::::
	cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2::::::
	cpe:2.3:a:adobe:commerce:2.4.0:-::::::
	cpe:2.3:a:adobe:commerce:2.4.0:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.0:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.1:-::::::
	cpe:2.3:a:adobe:commerce:2.4.1:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.1:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.2:-::::::
	cpe:2.3:a:adobe:commerce:2.4.2:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.2:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.3:-::::::
	cpe:2.3:a:adobe:commerce:2.4.3:ext-1::::::
	cpe:2.3:a:adobe:commerce:2.4.3:ext-2::::::
	cpe:2.3:a:adobe:commerce:2.4.4:-::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.5:-::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.6:-::::::
	cpe:2.3:a:adobe:magento:2.4.4:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.4:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.4:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.4:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:-:::open_source:::*

History

21 Nov 2024, 07:44

Type	Values Removed	Values Added
References	~~() https://helpx.adobe.com/security/products/magento/apsb23-35.html - Vendor Advisory~~	() https://helpx.adobe.com/security/products/magento/apsb23-35.html - Vendor Advisory

Information

Published : 2023-06-15 19:15

Updated : 2024-11-21 07:44

NVD link : CVE-2023-22248

Mitre link : CVE-2023-22248

CVE.ORG link : CVE-2023-22248

JSON object : View

Products Affected

adobe

magento
commerce

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2023-22248", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-06-15T19:15:10.413", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction."}], "lastModified": "2024-11-21T07:44:23.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81"}, {"criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}

7.5 /10