Lucene search

GoogleOSV:CVE-2023-29294

HistoryJun 15, 2023 - 7:15 p.m.

CVE-2023-29294

2023-06-1519:15:11

Google

osv.dev

cve-2023-29294

business logic errors

adobe commerce

security feature bypass

low-privileged attacker

exploitation

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.3%

JSON

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
magento2eq0.74.0-beta3
magento2eq0.42.0-beta10
magento2eq0.1.0-alpha92
magento2eq0.1.0-alpha102
magento2eq0.42.0-beta3
magento2eq2.1.0-rc2
magento2eq2.2.0-RC1.3
magento2eq2.3.4
magento2eq0.42.0-beta5
magento2eq0.42.0-beta11

Name	Operator	Version
magento2	eq	0.74.0-beta3
magento2	eq	0.42.0-beta10
magento2	eq	0.1.0-alpha92
magento2	eq	0.1.0-alpha102
magento2	eq	0.42.0-beta3
magento2	eq	2.1.0-rc2
magento2	eq	2.2.0-RC1.3
magento2	eq	2.3.4
magento2	eq	0.42.0-beta5
magento2	eq	0.42.0-beta11

Rows per page:

1-10 of 801

References

helpx.adobe.com/security/products/magento/apsb23-35.html

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.3%

JSON

Related for OSV:CVE-2023-29294