Lucene search

AdobeAPSB23-42

HistoryAug 08, 2023 - 12:00 a.m.

APSB23-42 : Security update available for Adobe Commerce

2023-08-0800:00:00

helpx.adobe.com

150

adobe

commerce

magento

security

update

vulnerabilities

exploitation

code execution

privilege escalation

file system read

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

46.1%

JSON

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read.

Affected configurations

Vulners

Node

adobeadobe_commerceRange≤2.4

adobeadobe_commerceRange≤2.3

adobemagentoRange≤2.4open_source

CPENameOperatorVersion
adobe commercele2.4
adobe commercele2.3
magento open sourcele2.4

Name	Operator	Version
adobe commerce	le	2.4
adobe commerce	le	2.3
magento open source	le	2.4

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

46.1%

JSON

Related for APSB23-42