Lucene search

[email protected]NVD:CVE-2022-35692

HistoryAug 19, 2022 - 11:15 p.m.

CVE-2022-35692

2022-08-1923:15:09

CWE-863

[email protected]

web.nvd.nist.gov

adobe commerce

vulnerability

improper access control

security bypass

information leakage

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user’s account detials. Exploitation of this issue does not require user interaction.

Affected configurations

NVD

Node

adobecommerceRange2.4.0–2.4.4

adobemagento_commerceMatch2.3.7-

adobemagento_commerceMatch2.3.7p1

adobemagento_commerceMatch2.3.7p2

adobemagento_commerceMatch2.3.7p3

adobemagento_commerceMatch2.4.3-

adobemagento_commerceMatch2.4.3p1

adobemagento_commerceMatch2.4.3p2

adobemagento_commerceMatch2.4.4-

References

helpx.adobe.com/security/products/magento/apsb22-38.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for NVD:CVE-2022-35692

cve1 cvelist1 prion1 adobe2