The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in errors in XML request processing, which allow attackers to gain unauthorized access to protected information.

🗓️ 02 Apr 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Extensible Markup Language processing errors in Magento Open Source and Adobe Commerce enable unauthorized access.

Reporter	Title	Published	Views	Family All 12
CNNVD	Adobe Commerce 安全漏洞	15 Mar 202300:00	–	cnnvd
CVE	CVE-2023-22247	27 Mar 202300:00	–	cve
Cvelist	CVE-2023-22247 Adobe Commerce XML Injection Arbitrary file system read	27 Mar 202300:00	–	cvelist
EUVD	EUVD-2023-26411	3 Oct 202520:07	–	euvd
Github Security Blog	Magento Open Source allows XML Injection	27 Mar 202321:30	–	github
NVD	CVE-2023-22247	27 Mar 202321:15	–	nvd
OSV	GHSA-2444-8GJ8-6FMX Magento Open Source allows XML Injection	27 Mar 202321:30	–	osv
Prion	Design/Logic Flaw	27 Mar 202321:15	–	prion
Positive Technologies	PT-2023-2050 · Adobe · Commerce	14 Mar 202300:00	–	ptsecurity
Snyk	XML Injection	27 Mar 202321:30	–	snyk

Vulners

Node

adobe_systems adobe_commerceRange≤2.4.4-p2

OR

adobe_systems adobe_commerceRange≤2.4.5-p1

OR

adobe_systems magento_open_sourceRange≤2.4.4-p2

OR

adobe_systems magento_open_sourceRange≤2.4.5-p1

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb23-17.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023031480
web	www.web.nvd.nist.gov/view/vuln/detail

02 Apr 2023 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 37.5

CVSS 27.8

EPSS0.00928

Magento Open Source Adobe Commerce Extensible Markup Language Processing errors Unauthorized access Protected data