9.8

CVE-2022-34256

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.

Data is provided by the National Vulnerability Database (NVD)
AdobeCommerce Version >= 2.3.0 < 2.3.7
AdobeCommerce Version >= 2.4.0 < 2.4.3
AdobeCommerce Version2.3.7 Update-
AdobeCommerce Version2.3.7 Updatep1
AdobeCommerce Version2.3.7 Updatep2
AdobeCommerce Version2.3.7 Updatep3
AdobeCommerce Version2.4.3 Update-
AdobeCommerce Version2.4.3 Updatep1
AdobeCommerce Version2.4.3 Updatep2
AdobeCommerce Version2.4.4 Update-
MagentoMagento SwEditioncommerce Version >= 2.3.0 < 2.3.7
MagentoMagento SwEditioncommerce Version >= 2.4.0 < 2.4.3
MagentoMagento Version2.3.7 Update- SwEditioncommerce
MagentoMagento Version2.3.7 Updatep1 SwEditioncommerce
MagentoMagento Version2.3.7 Updatep2 SwEditioncommerce
MagentoMagento Version2.3.7 Updatep3 SwEditioncommerce
MagentoMagento Version2.4.3 Update- SwEditioncommerce
MagentoMagento Version2.4.3 Updatep1 SwEditioncommerce
MagentoMagento Version2.4.3 Updatep2 SwEditioncommerce
MagentoMagento Version2.4.4 Update- SwEditioncommerce
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.41% 0.604
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@adobe.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.