CVE-2022-35689

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

Published: Oct 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-35689
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.4.4	2.4.4.x
adobe / magento_open_source	-	2.4.4
adobe / magento_open_source	2.4.5	2.4.5.x
adobe / magento_open_source	2.4.4-p1	2.4.4-p1.x
adobe / magento_open_source	2.4.4	2.4.4.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	-	2.4.4

https://helpx.adobe.com/security/products/magento/apsb22-48.html

Vulnerability Database

289,784

CVE-2022-35689