5.3
CVE-2022-35689
- EPSS 0.18%
- Veröffentlicht 14.10.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 07:11:28
- Quelle psirt@adobe.com
- Teams Watchlist Login
- Unerledigt Login
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Magento Open Source Version < 2.4.4
Adobe ≫ Magento Open Source Version2.4.4 Update-
Adobe ≫ Magento Open Source Version2.4.4 Updatep1
Adobe ≫ Magento Open Source Version2.4.5 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.404 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.