CVE-2022-34256

CWE-285CWE-863Incorrect Authorization6 documents4 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 38.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe CommerceMagento MagentoMagento Community-edition+1 more
Timeline
PublishedAug 16
Latest updateMar 21

Description

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDadobe/commerce2.3.02.3.7+4
CVEListV5adobe/magento_commerceunspecified2.4.4+3
NVDmagento/magento2.3.02.3.7+4
Packagistmagento/community-edition2.3.02.3.7-p4+2

🔴Vulnerability Details

5
OSV
linux-aws vulnerabilities2024-03-21
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-03-18
OSV
Magento Improper Authorization vulnerability2022-08-17
GHSA
Magento Improper Authorization vulnerability2022-08-17
CVEList
Adobe Commerce Improper Authorization Privilege escalation2022-08-16
CVE-2022-34256 (CRITICAL CVSS 9.8) | Adobe Commerce versions 2.4.3-p2 (a | cvebase.io