Security feature bypass

2023-06-1519:15:00

PRIOn knowledge base

www.prio-n.com

adobe commerce

business logic errors

security feature bypass

vulnerability

low-privileged attacker

exploitation

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
commerceeq2.3.7 p1
commerceeq2.4.3
commerceeq2.3.7 p2
commerceeq2.4.4
commerceeq2.3.7
commerceeq2.3.7 p3
commerceeq2.4.5
commerceeq2.4.4 p1
commerceeq2.4.5 p1
commerceeq2.4.4 p2

Name	Operator	Version
commerce	eq	2.3.7 p1
commerce	eq	2.4.3
commerce	eq	2.3.7 p2
commerce	eq	2.4.4
commerce	eq	2.3.7
commerce	eq	2.3.7 p3
commerce	eq	2.4.5
commerce	eq	2.4.4 p1
commerce	eq	2.4.5 p1
commerce	eq	2.4.4 p2