CVE-2022-34256

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.

Published: Aug 16, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-34256
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.3.7-p1	2.3.7-p1.x
adobe / commerce	2.4.3-p1	2.4.3-p1.x
adobe / commerce	2.4.3	2.4.3.x
adobe / commerce	2.3.7-p2	2.3.7-p2.x
magento / magento	2.4.3-p1	2.4.3-p1.x
magento / magento	2.4.3	2.4.3.x
magento / magento	2.3.7-p2	2.3.7-p2.x
magento / magento	2.3.7-p1	2.3.7-p1.x
magento / magento	2.4.4	2.4.4.x
magento / magento	2.4.3-p2	2.4.3-p2.x
magento / magento	2.4.0	2.4.3
magento / magento	2.3.7-p3	2.3.7-p3.x
magento / magento	2.3.0	2.3.7
magento / magento	2.3.7	2.3.7.x
adobe / commerce	2.4.4	2.4.4.x
adobe / commerce	2.4.3-p2	2.4.3-p2.x
adobe / commerce	2.3.7	2.3.7.x
adobe / commerce	2.4.0	2.4.3
adobe / commerce	2.3.7-p3	2.3.7-p3.x
adobe / commerce	2.3.0	2.3.7

https://helpx.adobe.com/security/products/magento/apsb22-38.html

Vulnerability Database

289,784

CVE-2022-34256