Adobe Commerce@* Security Vulnerabilities and Issues — Adobe Commerce@* CVE List

Lucene search

AdobeAdobe Commerce*

16 matches found

CVE•added 2023/09/12 8:15 a.m.•1201 views

CVE-2022-24093

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

9.1CVSS7.7AI score0.01024EPSS

CVE•added 2023/10/13 7:15 a.m.•111 views

CVE-2023-38218

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

8.8CVSS8.5AI score0.00692EPSS

CVE•added 2023/09/06 2:15 p.m.•103 views

CVE-2021-36023

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

9.1CVSS8.3AI score0.09651EPSS

CVE•added 2023/10/13 7:15 a.m.•98 views

CVE-2023-38220

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of...

7.5CVSS7.4AI score0.00153EPSS

CVE•added 2023/10/13 7:15 a.m.•94 views

CVE-2023-26367

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this is...

4.9CVSS4.9AI score0.00331EPSS

CVE•added 2023/10/13 7:15 a.m.•91 views

CVE-2023-38249

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-...

8CVSS7.6AI score0.01412EPSS

CVE•added 2023/10/13 7:15 a.m.•81 views

CVE-2023-38250

8CVSS7.2AI score0.01412EPSS

CVE•added 2023/10/13 7:15 a.m.•80 views

CVE-2023-38219

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. M...

8.7CVSS7.4AI score0.0152EPSS

CVE•added 2023/10/13 7:15 a.m.•80 views

CVE-2023-38221

8CVSS7.6AI score0.01412EPSS

CVE•added 2023/10/13 7:15 a.m.•78 views

CVE-2023-38251

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user int...

5.3CVSS5.1AI score0.00232EPSS

CVE•added 2023/10/13 7:15 a.m.•73 views

CVE-2023-26366

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the appli...

6.8CVSS6.5AI score0.00324EPSS

CVE•added 2023/06/15 7:15 p.m.•68 views

CVE-2023-29293

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a us...

2.7CVSS3.9AI score0.00035EPSS

CVE•added 2023/09/06 2:15 p.m.•63 views

CVE-2021-36036

Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative pri...

7.2CVSS7.1AI score0.01182EPSS

CVE•added 2023/06/15 7:15 p.m.•62 views

CVE-2023-29288

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another ...

4.3CVSS4.3AI score0.00183EPSS

CVE•added 2023/08/09 8:15 a.m.•62 views

CVE-2023-38207

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

7.5CVSS7.6AI score0.00697EPSS

CVE•added 2023/09/06 2:15 p.m.•48 views

CVE-2021-36021

Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote c...

7.2CVSS7.1AI score0.00898EPSS