10

CVE-2022-24086

Warnung

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeCommerce Version < 2.3.0
AdobeCommerce Version > 2.3.3 <= 2.3.6
AdobeCommerce Version >= 2.4.0 <= 2.4.2
AdobeCommerce Version2.3.7 Updatep1
AdobeCommerce Version2.3.7 Updatep2
AdobeCommerce Version2.4.3 Update-
AdobeCommerce Version2.4.3 Updatep1
MagentoMagento SwEditioncommerce Version < 2.3.0
MagentoMagento SwEditioncommerce Version > 2.3.3 <= 2.3.6
MagentoMagento SwEditioncommerce Version >= 2.4.0 <= 2.4.2
MagentoMagento Version2.3.7 Updatep1 SwEditioncommerce
MagentoMagento Version2.3.7 Updatep2 SwEditioncommerce
MagentoMagento Version2.4.3 Update- SwEditioncommerce
MagentoMagento Version2.4.3 Updatep1 SwEditioncommerce

15.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Schwachstelle

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 90.34% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
psirt@adobe.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.