Adobe

Commerce

147 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-22247

  • EPSS 0.74%
  • Veröffentlicht 27.03.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:44:23

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests v...

4.8

CVE-2023-22249

  • EPSS 16.87%
  • Veröffentlicht 27.03.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:44:24

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Ma...

5.3

CVE-2023-22250

  • EPSS 0.04%
  • Veröffentlicht 27.03.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:44:24

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availabilit...

4.3

CVE-2023-22251

  • EPSS 0.22%
  • Veröffentlicht 27.03.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:44:24

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.

8.8

CVE-2022-42344

  • EPSS 0.6%
  • Veröffentlicht 20.10.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:24:47

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and priv...

5.4

CVE-2022-35698

Warnung
  • EPSS 5.93%
  • Veröffentlicht 14.10.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:11:30

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code ...

5.3

CVE-2022-35689

  • EPSS 0.18%
  • Veröffentlicht 14.10.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:11:28

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability o...

5.3

CVE-2022-35692

  • EPSS 0.2%
  • Veröffentlicht 19.08.2022 23:15:09
  • Zuletzt bearbeitet 21.11.2024 07:11:29

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to l...

8.8

CVE-2022-34254

  • EPSS 0.53%
  • Veröffentlicht 16.08.2022 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:09:09

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inje...

8.8

CVE-2022-34255

  • EPSS 0.69%
  • Veröffentlicht 16.08.2022 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:09:09

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage...