First published: Wed Aug 09 2023(Updated: )
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Commerce | <2.4.4 | |
Adobe Commerce | =2.4.4 | |
Adobe Commerce | =2.4.4-p1 | |
Adobe Commerce | =2.4.4-p2 | |
Adobe Commerce | =2.4.4-p3 | |
Adobe Commerce | =2.4.4-p4 | |
Adobe Commerce | =2.4.5 | |
Adobe Commerce | =2.4.5-p1 | |
Adobe Commerce | =2.4.5-p2 | |
Adobe Commerce | =2.4.5-p3 | |
Adobe Commerce | =2.4.6 | |
Adobe Commerce | =2.4.6-p1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Adobe Commerce vulnerability is CVE-2023-38207.
The severity level of CVE-2023-38207 is high.
The affected software versions for this vulnerability are Adobe Commerce 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier), and 2.4.4-p4 (and earlier).
This vulnerability could lead to a minor arbitrary file system read.
No, exploitation of this vulnerability does not require user interaction.