Lucene search

AdobeAPSB23-35

HistoryJun 13, 2023 - 12:00 a.m.

APSB23-35 : Security update available for Adobe Commerce

2023-06-1300:00:00

helpx.adobe.com

144

adobe commerce

magento open source

security update

critical vulnerabilities

important vulnerabilities

moderate vulnerabilities

arbitrary code execution

security feature bypass

arbitrary file system read

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.6%

JSON

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass and arbitrary file system read.

Affected configurations

Vulners

Node

adobeadobe_commerceRange≤2.4

adobeadobe_commerceRange≤2.3

adobemagentoRange≤2.4open_source

CPENameOperatorVersion
adobe commercele2.4
adobe commercele2.3
magento open sourcele2.4

Name	Operator	Version
adobe commerce	le	2.4
adobe commerce	le	2.3
magento open source	le	2.4

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for APSB23-35