CVE-2022-24086
Published 2022-02-16
Critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability, due 2022-03-01
Exploited in the wild
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | commerce | < 2.3.0 | 2.3.0 |
| adobe | commerce | — | — |
| adobe | commerce | — | — |
| adobe | commerce | 2.3.3 – 2.3.6 | — |
| adobe | commerce | 2.4.0 – 2.4.2 | — |
| adobe | magento | < 2.3.0 | 2.3.0 |
| adobe | magento | <= 2.3.6 | — |
| adobe | magento | — | — |
| adobe | magento | — | — |
| adobe | magento | 2.4.0 – 2.4.2 | — |
| adobe | magento_commerce | unspecified – 2.4.3-p1 | — |
| magento | community-edition | >= 2.3.3-p1 < 2.3.7-p3 | 2.3.7-p3 |
| magento | community-edition | >= 2.4.0 < 2.4.3-p2 | 2.4.3-p2 |
CVSS provenance
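| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |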