Lucene search

K
nvd[email protected]NVD:CVE-2022-24086
HistoryFeb 16, 2022 - 5:15 p.m.

CVE-2022-24086

2022-02-1617:15:13
CWE-20
web.nvd.nist.gov
7
adobe commerce
input validation
vulnerability
checkout process
arbitrary code execution

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.226

Percentile

96.5%

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Affected configurations

Nvd
Node
adobecommerceRange<2.3.0
OR
adobecommerceRange2.3.32.3.6
OR
adobecommerceRange2.4.02.4.2
OR
adobecommerceMatch2.3.7p1
OR
adobecommerceMatch2.3.7p2
OR
adobecommerceMatch2.4.3-
OR
adobecommerceMatch2.4.3p1
OR
magentomagentoRange<2.3.0commerce
OR
magentomagentoRange2.3.32.3.6commerce
OR
magentomagentoRange2.4.02.4.2commerce
OR
magentomagentoMatch2.3.7p1commerce
OR
magentomagentoMatch2.3.7p2commerce
OR
magentomagentoMatch2.4.3-commerce
OR
magentomagentoMatch2.4.3p1commerce
VendorProductVersionCPE
adobecommerce*cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*
adobecommerce2.3.7cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*
adobecommerce2.4.3cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*
adobecommerce2.4.3cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*
magentomagento*cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
magentomagento2.3.7cpe:2.3:a:magento:magento:2.3.7:p1:*:*:commerce:*:*:*
magentomagento2.3.7cpe:2.3:a:magento:magento:2.3.7:p2:*:*:commerce:*:*:*
magentomagento2.4.3cpe:2.3:a:magento:magento:2.4.3:-:*:*:commerce:*:*:*
magentomagento2.4.3cpe:2.3:a:magento:magento:2.4.3:p1:*:*:commerce:*:*:*

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.226

Percentile

96.5%