CVE-2023-29297

🗓️ 15 Jun 2023 00:00:00Reported by adobeType

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.	24 Jul 202300:00	–	bdu_fstec
CNNVD	Adobe Commerce 安全漏洞	15 Jun 202300:00	–	cnnvd
CNVD	Adobe Commerce Arbitrary Code Execution Vulnerability	18 Jun 202300:00	–	cnvd
Cvelist	CVE-2023-29297 Admin-to-admin stored XSS via cache poisoning	15 Jun 202300:00	–	cvelist
EUVD	EUVD-2023-32872	3 Oct 202520:07	–	euvd
Github Security Blog	Magento Open Source allows Improper Neutralization of Special Elements Used	15 Jun 202321:30	–	github
NCSC	Vulnerabilities fixed in Adobe Commerce and Magento	15 Jun 202300:00	–	ncsc
NVD	CVE-2023-29297	15 Jun 202319:15	–	nvd
OSV	GHSA-GFMM-WW6F-5MM5 Magento Open Source allows Improper Neutralization of Special Elements Used	15 Jun 202321:30	–	osv
Prion	Design/Logic Flaw	15 Jun 202319:15	–	prion

NVD

Vulners

Node

adobe commerceMatch2.3.7-

adobe commerceMatch2.3.7p1

adobe commerceMatch2.3.7p2

adobe commerceMatch2.3.7p3

adobe commerceMatch2.3.7p4

adobe commerceMatch2.3.7p4-ext1

adobe commerceMatch2.3.7p4-ext2

adobe commerceMatch2.4.0-

adobe commerceMatch2.4.0ext-1

adobe commerceMatch2.4.0ext-2

adobe commerceMatch2.4.1-

adobe commerceMatch2.4.1ext-1

adobe commerceMatch2.4.1ext-2

adobe commerceMatch2.4.2-

adobe commerceMatch2.4.2ext-1

adobe commerceMatch2.4.2ext-2

adobe commerceMatch2.4.3-

adobe commerceMatch2.4.3ext-1

adobe commerceMatch2.4.3ext-2

adobe commerceMatch2.4.4-

adobe commerceMatch2.4.4p1

adobe commerceMatch2.4.4p2

adobe commerceMatch2.4.4p3

adobe commerceMatch2.4.5-

adobe commerceMatch2.4.5p1

adobe commerceMatch2.4.5p2

adobe commerceMatch2.4.6-

adobe magentoMatch2.4.4-open_source

adobe magentoMatch2.4.4p1open_source

adobe magentoMatch2.4.4p2open_source

adobe magentoMatch2.4.4p3open_source

adobe magentoMatch2.4.5-open_source

adobe magentoMatch2.4.5p1open_source

adobe magentoMatch2.4.5p2open_source

adobe magentoMatch2.4.6-open_source

[
  {
    "vendor": "Adobe",
    "product": "Magento Commerce",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.6",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.5-p2",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.4-p3",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb23-35.html

21 Nov 2024 07:56Current

8.3High risk

Vulners AI Score8.3

CVSS 3.17.2 - 9.1

EPSS0.08749

SSVC

CWE-1336