CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-22248 – Adobe Commerce Incorrect Authorization Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22248
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29287 – Adobe Commerce Information Exposure Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29287
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29288 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2023-29288
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29289 – Adobe Commerce XML Injection Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29289
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29290 – Adobe Commerce Guest Cart Shipping Address Overwrite IDOR
https://notcve.org/view.php?id=CVE-2023-29290
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-353: Missing Support for Integrity Check •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29291 – Server Side Request Forgery (SSRF) in USPS carrier integration configuration
https://notcve.org/view.php?id=CVE-2023-29291
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29292 – Server Side Request Forgery (SSRF) in FedEx carrier integration configuration
https://notcve.org/view.php?id=CVE-2023-29292
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 3.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29293 – Adobe Commerce | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2023-29293
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29294 – Bypass Purchase Order Approval using Company User in Adobe Commerce B2B
https://notcve.org/view.php?id=CVE-2023-29294
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-840: Business Logic Errors •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29295 – Insecure Direct Object Reference (IDOR) in Create Quote Function
https://notcve.org/view.php?id=CVE-2023-29295
15 Jun 2023 — Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-863: Incorrect Authorization •