8.8

CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.

Data is provided by the National Vulnerability Database (NVD)
AdobeCommerce Version < 2.3.7
AdobeCommerce Version >= 2.4.0 < 2.4.3
AdobeCommerce Version2.3.7 Update-
AdobeCommerce Version2.3.7 Updatep1
AdobeCommerce Version2.3.7 Updatep2
AdobeCommerce Version2.3.7 Updatep3
AdobeCommerce Version2.4.3 Update-
AdobeCommerce Version2.4.3 Updatep1
AdobeCommerce Version2.4.3 Updatep2
AdobeCommerce Version2.4.4 Update-
MagentoMagento SwEditionopen_source Version < 2.3.7
MagentoMagento SwEditionopen_source Version >= 2.4.0 < 2.4.3
MagentoMagento Version2.3.7 Update- SwEditionopen_source
MagentoMagento Version2.3.7 Updatep1 SwEditionopen_source
MagentoMagento Version2.3.7 Updatep2 SwEditionopen_source
MagentoMagento Version2.3.7 Updatep3 SwEditionopen_source
MagentoMagento Version2.4.3 Update- SwEditionopen_source
MagentoMagento Version2.4.3 Updatep1 SwEditionopen_source
MagentoMagento Version2.4.3 Updatep2 SwEditionopen_source
MagentoMagento Version2.4.4 Update- SwEditionopen_source
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.6% 0.685
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
psirt@adobe.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.