10

CVE-2022-24086

Warning
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Data provided by the National Vulnerability Database (NVD)
Adobe Commerce Version < 2.3.0
Adobe Commerce Version >= 2.3.3 <= 2.3.6
Adobe Commerce Version >= 2.4.0 <= 2.4.2
Adobe Commerce Version 2.3.7 Update p1
Adobe Commerce Version 2.3.7 Update p2
Adobe Commerce Version 2.4.3 Update -
Adobe Commerce Version 2.4.3 Update p1
Adobe Magento SwEdition open_source Version < 2.3.0
Adobe Magento SwEdition open_source Version > 2.3.3 <= 2.3.6
Adobe Magento SwEdition open_source Version >= 2.4.0 <= 2.4.2
Adobe Magento Version 2.3.7 Update p1 SwEdition open_source
Adobe Magento Version 2.3.7 Update p2 SwEdition open_source
Adobe Magento Version 2.4.3 Update - SwEdition open_source
Adobe Magento Version 2.4.3 Update p1 SwEdition open_source

15.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Description: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Required actions: Apply updates per vendor instructions.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 93.49% | 0.998
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C
psirt@adobe.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.