Commerce@2.4.4 Security Vulnerabilities and Issues — Commerce@2.4.4 CVE List

Lucene search

AdobeCommerce2.4.4

28 matches found

CVE•added 2023/03/27 9:15 p.m.•254 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of t...

7.5CVSS7.7AI score0.00736EPSS

CVE•added 2023/06/15 7:15 p.m.•112 views

CVE-2023-29297

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation...

9.1CVSS8.3AI score0.06202EPSS

CVE•added 2023/10/13 7:15 a.m.•111 views

CVE-2023-38218

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

8.8CVSS8.5AI score0.00692EPSS

CVE•added 2023/08/09 8:15 a.m.•99 views

CVE-2023-38208

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticat...

9.1CVSS8.4AI score0.03434EPSS

CVE•added 2023/10/13 7:15 a.m.•98 views

CVE-2023-38220

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of...

7.5CVSS7.4AI score0.00153EPSS

CVE•added 2023/03/27 9:15 p.m.•94 views

CVE-2023-22249

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s ...

4.8CVSS4.6AI score0.15675EPSS

CVE•added 2023/10/13 7:15 a.m.•94 views

CVE-2023-26367

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this is...

4.9CVSS4.9AI score0.00331EPSS

CVE•added 2023/10/13 7:15 a.m.•91 views

CVE-2023-38249

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-...

8CVSS7.6AI score0.01412EPSS

CVE•added 2023/03/27 9:15 p.m.•83 views

CVE-2023-22250

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this...

5.3CVSS5AI score0.00044EPSS

CVE•added 2023/10/13 7:15 a.m.•81 views

CVE-2023-38250

8CVSS7.2AI score0.01412EPSS

CVE•added 2023/10/13 7:15 a.m.•80 views

CVE-2023-38219

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. M...

8.7CVSS7.4AI score0.0152EPSS

CVE•added 2023/10/13 7:15 a.m.•80 views

CVE-2023-38221

8CVSS7.6AI score0.01412EPSS

CVE•added 2023/10/13 7:15 a.m.•78 views

CVE-2023-38251

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user int...

5.3CVSS5.1AI score0.00232EPSS

CVE•added 2023/06/15 7:15 p.m.•76 views

CVE-2023-22248

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this iss...

7.5CVSS7.3AI score0.00145EPSS

CVE•added 2023/06/15 7:15 p.m.•75 views

CVE-2023-29290

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this...

5.3CVSS5.1AI score0.00125EPSS

CVE•added 2023/10/13 7:15 a.m.•74 views

CVE-2023-26366

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the appli...

6.8CVSS6.5AI score0.00324EPSS

CVE•added 2023/06/15 7:15 p.m.•71 views

CVE-2023-29289

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user intera...

6.5CVSS6.4AI score0.00322EPSS

CVE•added 2023/06/15 7:15 p.m.•68 views

CVE-2023-29293

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a us...

2.7CVSS3.9AI score0.00035EPSS

CVE•added 2023/03/27 9:15 p.m.•66 views

CVE-2023-22251

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.

4.3CVSS4.5AI score0.00222EPSS

CVE•added 2023/06/15 7:15 p.m.•63 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.1AI score0.00413EPSS

CVE•added 2023/08/09 8:15 a.m.•63 views

CVE-2023-38209

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitat...

6.5CVSS6.3AI score0.00132EPSS

CVE•added 2023/06/15 7:15 p.m.•62 views

CVE-2023-29288

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another ...

4.3CVSS4.3AI score0.00183EPSS

CVE•added 2023/08/09 8:15 a.m.•62 views

CVE-2023-38207

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

7.5CVSS7.6AI score0.00697EPSS

CVE•added 2023/06/15 7:15 p.m.•61 views

CVE-2023-29295

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploi...

4.3CVSS4.4AI score0.00103EPSS

CVE•added 2023/06/15 7:15 p.m.•53 views

CVE-2023-29292

4.9CVSS5.5AI score0.00321EPSS

CVE•added 2023/06/15 7:15 p.m.•53 views

CVE-2023-29296

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of anot...

4.3CVSS4.4AI score0.00103EPSS

CVE•added 2023/06/15 7:15 p.m.•52 views

CVE-2023-29287

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does n...

5.3CVSS5.3AI score0.00263EPSS

CVE•added 2023/06/15 7:15 p.m.•50 views

CVE-2023-29294

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitat...

4.3CVSS4.4AI score0.00169EPSS