Lucene search

GoogleOSV:CVE-2023-29297

HistoryJun 15, 2023 - 7:15 p.m.

CVE-2023-29297

2023-06-1519:15:11

Google

osv.dev

adobe commerce

vulnerability

arbitrary code execution

admin-privilege authenticated attacker

template engine

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.8%

JSON

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
magento2eq0.42.0-beta7
magento2eq0.1.0-alpha92
magento2eq2.2.0-RC1.1
magento2eq2.2.0-rc2.0
magento2eq2.1.0-rc1
magento2eq2.2.0-rc3.0
magento2eq0.42.0-beta4
magento2eq2.3.2
magento2eq0.1.0-alpha104
magento2eq0.1.0-alpha97

Name	Operator	Version
magento2	eq	0.42.0-beta7
magento2	eq	0.1.0-alpha92
magento2	eq	2.2.0-RC1.1
magento2	eq	2.2.0-rc2.0
magento2	eq	2.1.0-rc1
magento2	eq	2.2.0-rc3.0
magento2	eq	0.42.0-beta4
magento2	eq	2.3.2
magento2	eq	0.1.0-alpha104
magento2	eq	0.1.0-alpha97

Rows per page:

1-10 of 801

References

helpx.adobe.com/security/products/magento/apsb23-35.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.8%

JSON

Related for OSV:CVE-2023-29297