Lucene search

GoogleOSV:CVE-2022-35689

HistoryOct 14, 2022 - 8:15 p.m.

CVE-2022-35689

2022-10-1420:15:10

Google

osv.dev

adobe commerce

improper access control

security feature bypass

exploitation

availability

user interaction

software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.0%

JSON

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
magento2eq0.1.0-alpha103
magento2eq0.74.0-beta6
magento2eq2.1.0-rc1
magento2eq0.74.0-beta3
magento2eq2.2.0-RC1.1
magento2eq2.4.2
magento2eq0.74.0-beta14
magento2eq0.74.0-beta16
magento2eq0.74.0-beta10
magento2eq0.42.0-beta10

Name	Operator	Version
magento2	eq	0.1.0-alpha103
magento2	eq	0.74.0-beta6
magento2	eq	2.1.0-rc1
magento2	eq	0.74.0-beta3
magento2	eq	2.2.0-RC1.1
magento2	eq	2.4.2
magento2	eq	0.74.0-beta14
magento2	eq	0.74.0-beta16
magento2	eq	0.74.0-beta10
magento2	eq	0.42.0-beta10

Rows per page:

1-10 of 711

References

helpx.adobe.com/security/products/magento/apsb22-48.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for OSV:CVE-2022-35689