CVE-2023-29295 – Insecure Direct Object Reference (IDOR) in Create Quote Function
https://notcve.org/view.php?id=CVE-2023-29295
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-863: Incorrect Authorization •
CVE-2023-29287 – Adobe Commerce Information Exposure Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29287
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-29290 – Adobe Commerce Guest Cart Shipping Address Overwrite IDOR
https://notcve.org/view.php?id=CVE-2023-29290
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-353: Missing Support for Integrity Check •
CVE-2023-29289 – Adobe Commerce XML Injection Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29289
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2023-29296 – [Cloud] Customer suspects IDOR vulnerability
https://notcve.org/view.php?id=CVE-2023-29296
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-863: Incorrect Authorization •