CVE-2022-24093

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGH

EPSS

1.1%

top 21.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Commerce Adobe Magento Open Source Magento Community-edition +2 more

Timeline

PublishedSep 12

Latest updateSep 18

Description

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages5 packages

▶NVDadobe/commerce2.4.0 — 2.4.3+3

▶CVEListV5adobe/adobe_commerce2.3.7-p2

▶NVDadobe/magento_open_source2.4.0 — 2.4.3+3

▶Packagistmagento/community-edition2.4.3-p1 — 2.4.3-p2+1

▶Packagistmagento/project-community-edition2.0.2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

Magento Open Source affected by Improper Input Validation↗2023-09-18

▶

OSV

Magento Open Source affected by Improper Input Validation↗2023-09-18

▶

CVEList

Adobe Commerce post-auth improper input validation leads to remote code execution↗2023-09-12

▶