CVE-2023-22250

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

Published: Mar 27, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-22250
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.4.4	2.4.4.x
adobe / magento_open_source	-	2.4.4
adobe / magento_open_source	2.4.5	2.4.5.x
adobe / magento_open_source	2.4.4-p1	2.4.4-p1.x
adobe / magento_open_source	2.4.4	2.4.4.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	-	2.4.4
adobe / magento_open_source	2.4.5-p1	2.4.5-p1.x
adobe / magento_open_source	2.4.4-p2	2.4.4-p2.x
adobe / commerce	2.4.5-p1	2.4.5-p1.x
adobe / commerce	2.4.4-p2	2.4.4-p2.x

https://helpx.adobe.com/security/products/magento/apsb23-17.html

Vulnerability Database

289,782

CVE-2023-22250