3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
22.7%
User session is not logged out if the password is reset via password recovery
Fixed in 6.4.8.1, maintainers recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/download/#shopware-6
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
CPE | Name | Operator | Version |
---|---|---|---|
shopware/core | le | 6.4.8.0 | |
shopware/platform | le | 6.4.8.0 |
docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates
github.com/advisories/GHSA-w267-m9c4-8555
github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64
github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6
github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555
nvd.nist.gov/vuln/detail/CVE-2022-24744
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
22.7%