First published: Wed Aug 09 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other users' data. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Commerce | <2.4.4 | |
Adobe Commerce | =2.4.4 | |
Adobe Commerce | =2.4.4-p1 | |
Adobe Commerce | =2.4.4-p2 | |
Adobe Commerce | =2.4.4-p3 | |
Adobe Commerce | =2.4.4-p4 | |
Adobe Commerce | =2.4.5 | |
Adobe Commerce | =2.4.5-p1 | |
Adobe Commerce | =2.4.5-p2 | |
Adobe Commerce | =2.4.5-p3 | |
Adobe Commerce | =2.4.6 | |
Adobe Commerce | =2.4.6-p1 | |
The vulnerability ID is CVE-2023-38209.
The severity level of CVE-2023-38209 is medium.
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected.
CVE-2023-38209 is an Incorrect Authorization vulnerability that could allow a low-privileged attacker to access other users' data.
Adobe has released a security update to address the vulnerability. Users are advised to update to the latest version of Adobe Commerce.