Lucene search

GoogleOSV:CVE-2023-22247

HistoryMar 27, 2023 - 9:15 p.m.

CVE-2023-22247

2023-03-2721:15:10

Google

osv.dev

cve-2023-22247

xml injection

adobe commerce

arbitrary file system read

unauthenticated attacker

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.0%

JSON

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
magento2eq0.1.0-alpha103
magento2eq0.74.0-beta6
magento2eq2.1.0-rc1
magento2eq0.74.0-beta3
magento2eq2.2.0-RC1.1
magento2eq2.4.2
magento2eq0.74.0-beta14
magento2eq0.74.0-beta16
magento2eq0.74.0-beta10
magento2eq0.42.0-beta10

Name	Operator	Version
magento2	eq	0.1.0-alpha103
magento2	eq	0.74.0-beta6
magento2	eq	2.1.0-rc1
magento2	eq	0.74.0-beta3
magento2	eq	2.2.0-RC1.1
magento2	eq	2.4.2
magento2	eq	0.74.0-beta14
magento2	eq	0.74.0-beta16
magento2	eq	0.74.0-beta10
magento2	eq	0.42.0-beta10

Rows per page:

1-10 of 711

References

helpx.adobe.com/security/products/magento/apsb23-17.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for OSV:CVE-2023-22247