Improper access control

2022-10-1420:15:00

PRIOn knowledge base

www.prio-n.com

adobe commerce

vulnerability

access control

security feature bypass

exploitation

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.0%

JSON

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
commerceeq2.4.4
commerceeq2.4.5
commerceeq2.4.4 p1
commercelt2.4.4
magento_open_sourcelt2.4.4
magento_open_sourceeq2.4.5
magento_open_sourceeq2.4.4 p1
magento_open_sourceeq2.4.4

Name	Operator	Version
commerce	eq	2.4.4
commerce	eq	2.4.5
commerce	eq	2.4.4 p1
commerce	lt	2.4.4
magento_open_source	lt	2.4.4
magento_open_source	eq	2.4.5
magento_open_source	eq	2.4.4 p1
magento_open_source	eq	2.4.4

References

helpx.adobe.com/security/products/magento/apsb22-48.html